You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by mu...@apache.org on 2017/07/06 04:24:02 UTC
[01/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Repository: ambari
Updated Branches:
refs/heads/trunk 19d4200e7 -> 3dc51b0c9
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/themes/theme_version_1.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/themes/theme_version_1.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/themes/theme_version_1.json
new file mode 100644
index 0000000..848f10b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/themes/theme_version_1.json
@@ -0,0 +1,409 @@
+{
+ "name": "default",
+ "description": "Default theme for Ranger KMS service",
+ "configuration": {
+ "layouts": [
+ {
+ "name": "default",
+ "tabs": [
+ {
+ "name": "db_settings",
+ "display-name": "Settings",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-db-settings",
+ "display-name": "",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "4",
+ "column-span": "2",
+ "section-columns": "2",
+ "section-rows": "4",
+ "subsections": [
+ {
+ "name": "subsection-kms-db-row1-col1",
+ "display-name": "Ranger KMS DB",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-kms-db-row1-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-kms-create-db-user-row2-col",
+ "display-name": "Setup Database and Database User",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "2"
+ },
+ {
+ "name": "subsection-kms-db-root-user-row3-col1",
+ "display-name": "Ranger KMS Root DB",
+ "row-index": "2",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs":[
+ "kms-env/create_db_user"
+ ],
+ "if": "${kms-env/create_db_user}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "subsection-kms-db-root-user-row3-col2",
+ "row-index": "2",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs":[
+ "kms-env/create_db_user"
+ ],
+ "if": "${kms-env/create_db_user}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "subsection-kms-master-row4-col",
+ "display-name": "KMS Master Secret Password",
+ "row-index": "3",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "2"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "kms_hsm",
+ "display-name": "KMS HSM",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "1",
+ "sections": [
+ {
+ "name": "section-kms-hms",
+ "display-name": "",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "2",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "2",
+ "subsections": [
+ {
+ "name": "subsection-kms-hsm-row1-col1",
+ "display-name": "Ranger KMS HSM Enabled",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-kms-hsm-row2-col1",
+ "display-name": "Configuration Settings",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs": [
+ "dbks-site/ranger.ks.hsm.enabled"
+ ],
+ "if": "${dbks-site/ranger.ks.hsm.enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "placement": {
+ "configuration-layout": "default",
+ "configs": [
+ {
+ "config": "kms-properties/DB_FLAVOR",
+ "subsection-name": "subsection-kms-db-row1-col1"
+ },
+ {
+ "config": "kms-properties/db_name",
+ "subsection-name": "subsection-kms-db-row1-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.jpa.jdbc.url",
+ "subsection-name": "subsection-kms-db-row1-col1"
+ },
+ {
+ "config": "kms-properties/db_user",
+ "subsection-name": "subsection-kms-db-row1-col1"
+ },
+ {
+ "config": "kms-properties/db_host",
+ "subsection-name": "subsection-kms-db-row1-col2"
+ },
+ {
+ "config": "kms-properties/SQL_CONNECTOR_JAR",
+ "subsection-name": "subsection-kms-db-row1-col2",
+ "depends-on" : [
+ {
+ "configs":[
+ "kms-properties/DB_FLAVOR"
+ ],
+ "if": "${kms-properties/DB_FLAVOR} === SQLA",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "dbks-site/ranger.ks.jpa.jdbc.driver",
+ "subsection-name": "subsection-kms-db-row1-col2"
+ },
+ {
+ "config": "kms-properties/db_password",
+ "subsection-name": "subsection-kms-db-row1-col2"
+ },
+ {
+ "config": "kms-properties/db_root_user",
+ "subsection-name": "subsection-kms-db-root-user-row3-col1"
+ },
+ {
+ "config": "kms-properties/db_root_password",
+ "subsection-name": "subsection-kms-db-root-user-row3-col2"
+ },
+ {
+ "config": "kms-properties/KMS_MASTER_KEY_PASSWD",
+ "subsection-name": "subsection-kms-master-row4-col"
+ },
+ {
+ "config" : "kms-env/create_db_user",
+ "subsection-name": "subsection-kms-create-db-user-row2-col"
+ },
+ {
+ "config": "kms-env/test_db_kms_connection",
+ "subsection-name": "subsection-kms-create-db-user-row2-col",
+ "property_value_attributes": {
+ "ui_only_property": true
+ },
+ "depends-on": [
+ {
+ "configs":[
+ "kms-env/create_db_user"
+ ],
+ "if": "${kms-env/create_db_user}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.enabled",
+ "subsection-name": "subsection-kms-hsm-row1-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.type",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.name",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ },
+ {
+ "config": "kms-env/hsm_partition_password",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ }
+ ]
+ },
+ "widgets": [
+ {
+ "config": "kms-properties/DB_FLAVOR",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "kms-properties/db_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/db_name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/SQL_CONNECTOR_JAR",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/db_root_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/db_host",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-properties/db_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "kms-properties/db_root_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "kms-properties/KMS_MASTER_KEY_PASSWD",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "kms-env/create_db_user",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "kms-env/test_db_kms_connection",
+ "widget": {
+ "type": "test-db-connection",
+ "display-name": "Test Connection",
+ "required-properties": {
+ "jdbc.driver.class": "dbks-site/ranger.ks.jpa.jdbc.driver",
+ "jdbc.driver.url": "dbks-site/ranger.ks.jpa.jdbc.url",
+ "db.connection.source.host": "ranger_kms-site/ranger_kms_server_hosts",
+ "db.type": "kms-properties/DB_FLAVOR",
+ "db.connection.destination.host": "kms-properties/db_host",
+ "db.connection.user": "kms-properties/db_user",
+ "db.connection.password": "kms-properties/db_password"
+ }
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.jpa.jdbc.driver",
+ "widget" : {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.jpa.jdbc.url",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.type",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-env/hsm_partition_password",
+ "widget": {
+ "type": "password"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER/metainfo.xml
index c8b3d65..12aa559 100644
--- a/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER/metainfo.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER/metainfo.xml
@@ -20,8 +20,8 @@
<services>
<service>
<name>RANGER</name>
- <version>0.7.0.3.0</version>
- <extends>common-services/RANGER/0.7.0.3.0</extends>
+ <version>1.0.0.3.0</version>
+ <extends>common-services/RANGER/1.0.0.3.0</extends>
</service>
</services>
</metainfo>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER_KMS/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER_KMS/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER_KMS/metainfo.xml
index 3375d90..3942ed3 100644
--- a/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER_KMS/metainfo.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/3.0/services/RANGER_KMS/metainfo.xml
@@ -20,8 +20,8 @@
<services>
<service>
<name>RANGER_KMS</name>
- <version>0.5.0.3.0</version>
- <extends>common-services/RANGER_KMS/0.5.0.3.0</extends>
+ <version>1.0.0.3.0</version>
+ <extends>common-services/RANGER_KMS/1.0.0.3.0</extends>
</service>
</services>
</metainfo>
[08/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/setup_ranger_xml.py
new file mode 100644
index 0000000..c84ae96
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/setup_ranger_xml.py
@@ -0,0 +1,853 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import os
+import re
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.default import default
+from resource_management.core.logger import Logger
+from resource_management.core.resources.system import File, Directory, Execute, Link
+from resource_management.core.source import DownloadSource, InlineTemplate, Template
+from resource_management.libraries.resources.xml_config import XmlConfig
+from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
+from resource_management.libraries.resources.properties_file import PropertiesFile
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.decorator import retry
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.core.utils import PasswordString
+from resource_management.core.shell import as_sudo
+from resource_management.libraries.functions import solr_cloud_util
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.core.exceptions import ExecutionFailed
+
+# This file contains functions used for setup/configure of Ranger Admin and Ranger Usersync.
+# The design is to mimic what is done by the setup.sh script bundled by Ranger component currently.
+
+def ranger(name=None, upgrade_type=None):
+ """
+ parameter name: name of ranger service component
+ """
+ if name == 'ranger_admin':
+ setup_ranger_admin(upgrade_type=upgrade_type)
+
+ if name == 'ranger_usersync':
+ setup_usersync(upgrade_type=upgrade_type)
+
+ if name == 'ranger_tagsync':
+ setup_tagsync(upgrade_type=upgrade_type)
+
+def setup_ranger_admin(upgrade_type=None):
+ import params
+
+ if upgrade_type is None:
+ upgrade_type = Script.get_upgrade_type(default("/commandParams/upgrade_type", ""))
+
+ ranger_home = params.ranger_home
+ ranger_conf = params.ranger_conf
+
+ Directory(ranger_conf,
+ owner = params.unix_user,
+ group = params.unix_group,
+ create_parents = True
+ )
+
+ copy_jdbc_connector()
+
+ File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"),
+ content = DownloadSource(format("{jdk_location}{check_db_connection_jar_name}")),
+ mode = 0644,
+ )
+
+ cp = format("{check_db_connection_jar}")
+ if params.db_flavor.lower() == 'sqla':
+ cp = cp + os.pathsep + format("{ranger_home}/ews/lib/sajdbc4.jar")
+ else:
+ cp = cp + os.pathsep + format("{driver_curl_target}")
+ cp = cp + os.pathsep + format("{ranger_home}/ews/lib/*")
+
+ db_connection_check_command = format(
+ "{java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_jdbc_connection_url}' {ranger_db_user} {ranger_db_password!p} {ranger_jdbc_driver}")
+
+ env_dict = {}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'LD_LIBRARY_PATH':params.ld_lib_path}
+
+ Execute(db_connection_check_command, path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', tries=5, try_sleep=10, environment=env_dict)
+
+ Execute(('ln','-sf', format('{ranger_home}/ews/webapp/WEB-INF/classes/conf'), format('{ranger_home}/conf')),
+ not_if=format("ls {ranger_home}/conf"),
+ only_if=format("ls {ranger_home}/ews/webapp/WEB-INF/classes/conf"),
+ sudo=True)
+
+ if upgrade_type is not None:
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml')
+ dst_file = format('{ranger_home}/conf/ranger-admin-default-site.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml')
+ dst_file = format('{ranger_home}/conf/security-applicationContext.xml')
+
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ Directory(format('{ranger_home}/'),
+ owner = params.unix_user,
+ group = params.unix_group,
+ recursive_ownership = True,
+ )
+
+ Directory(params.ranger_pid_dir,
+ mode=0755,
+ owner = params.unix_user,
+ group = params.user_group,
+ cd_access = "a",
+ create_parents=True
+ )
+
+ if params.stack_supports_pid:
+ File(format('{ranger_conf}/ranger-admin-env-piddir.sh'),
+ content = format("export RANGER_PID_DIR_PATH={ranger_pid_dir}\nexport RANGER_USER={unix_user}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(params.admin_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group,
+ create_parents = True,
+ cd_access='a',
+ mode=0755
+ )
+
+ File(format('{ranger_conf}/ranger-admin-env-logdir.sh'),
+ content = format("export RANGER_ADMIN_LOG_DIR={admin_log_dir}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ if os.path.isfile(params.ranger_admin_default_file):
+ File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
+ else:
+ Logger.warning('Required file {0} does not exist, copying the file to {1} path'.format(params.ranger_admin_default_file, ranger_conf))
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml')
+ dst_file = format('{ranger_home}/conf/ranger-admin-default-site.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+ File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
+
+ if os.path.isfile(params.security_app_context_file):
+ File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
+ else:
+ Logger.warning('Required file {0} does not exist, copying the file to {1} path'.format(params.security_app_context_file, ranger_conf))
+ src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml')
+ dst_file = format('{ranger_home}/conf/security-applicationContext.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+ File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
+
+ if upgrade_type is not None and params.stack_supports_config_versioning:
+ if os.path.islink('/usr/bin/ranger-admin'):
+ Link('/usr/bin/ranger-admin', action="delete")
+
+ Link('/usr/bin/ranger-admin',
+ to=format('{ranger_home}/ews/ranger-admin-services.sh'))
+
+ if default("/configurations/ranger-admin-site/ranger.authentication.method", "") == 'PAM':
+ d = '/etc/pam.d'
+ if os.path.isdir(d):
+ if os.path.isfile(os.path.join(d, 'ranger-admin')):
+ Logger.info('ranger-admin PAM file already exists.')
+ else:
+ File(format('{d}/ranger-admin'),
+ content=Template('ranger_admin_pam.j2'),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0644
+ )
+ if os.path.isfile(os.path.join(d, 'ranger-remote')):
+ Logger.info('ranger-remote PAM file already exists.')
+ else:
+ File(format('{d}/ranger-remote'),
+ content=Template('ranger_remote_pam.j2'),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0644
+ )
+ else:
+ Logger.error("Unable to use PAM authentication, /etc/pam.d/ directory does not exist.")
+
+ Execute(('ln','-sf', format('{ranger_home}/ews/ranger-admin-services.sh'),'/usr/bin/ranger-admin'),
+ not_if=format("ls /usr/bin/ranger-admin"),
+ only_if=format("ls {ranger_home}/ews/ranger-admin-services.sh"),
+ sudo=True)
+
+ # remove plain-text password from xml configs
+
+ ranger_admin_site_copy = {}
+ ranger_admin_site_copy.update(params.config['configurations']['ranger-admin-site'])
+ for prop in params.ranger_admin_password_properties:
+ if prop in ranger_admin_site_copy:
+ ranger_admin_site_copy[prop] = "_"
+
+ XmlConfig("ranger-admin-site.xml",
+ conf_dir=ranger_conf,
+ configurations=ranger_admin_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-admin-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ Directory(os.path.join(ranger_conf,'ranger_jaas'),
+ mode=0700,
+ owner=params.unix_user,
+ group=params.unix_group,
+ )
+
+ if params.stack_supports_ranger_log4j:
+ File(format('{ranger_home}/ews/webapp/WEB-INF/log4j.properties'),
+ owner=params.unix_user,
+ group=params.unix_group,
+ content=InlineTemplate(params.admin_log4j),
+ mode=0644
+ )
+
+ do_keystore_setup(upgrade_type=upgrade_type)
+
+ create_core_site_xml(ranger_conf)
+
+ if params.stack_supports_ranger_kerberos and params.security_enabled:
+ if params.is_hbase_ha_enabled and params.ranger_hbase_plugin_enabled:
+ XmlConfig("hbase-site.xml",
+ conf_dir=ranger_conf,
+ configurations=params.config['configurations']['hbase-site'],
+ configuration_attributes=params.config['configuration_attributes']['hbase-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+ if params.is_namenode_ha_enabled and params.ranger_hdfs_plugin_enabled:
+ XmlConfig("hdfs-site.xml",
+ conf_dir=ranger_conf,
+ configurations=params.config['configurations']['hdfs-site'],
+ configuration_attributes=params.config['configuration_attributes']['hdfs-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+def setup_ranger_db(stack_version=None):
+ import params
+
+ ranger_home = params.ranger_home
+ version = params.version
+ if stack_version is not None:
+ ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
+ version = stack_version
+
+ copy_jdbc_connector(stack_version=version)
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'audit_store': params.ranger_audit_source_type},
+ owner = params.unix_user,
+ )
+
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
+
+ # User wants us to setup the DB user and DB?
+ if params.create_db_dbuser:
+ Logger.info('Setting up Ranger DB and DB User')
+ dba_setup = format('ambari-python-wrap {ranger_home}/dba_script.py -q')
+ Execute(dba_setup,
+ environment=env_dict,
+ logoutput=True,
+ user=params.unix_user,
+ )
+ else:
+ Logger.info('Separate DBA property not set. Assuming Ranger DB and DB User exists!')
+
+ db_setup = format('ambari-python-wrap {ranger_home}/db_setup.py')
+ Execute(db_setup,
+ environment=env_dict,
+ logoutput=True,
+ user=params.unix_user,
+ )
+
+
+def setup_java_patch(stack_version=None):
+ import params
+
+ ranger_home = params.ranger_home
+ if stack_version is not None:
+ ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
+
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
+
+ setup_java_patch = format('ambari-python-wrap {ranger_home}/db_setup.py -javapatch')
+ Execute(setup_java_patch,
+ environment=env_dict,
+ logoutput=True,
+ user=params.unix_user,
+ )
+
+
+def do_keystore_setup(upgrade_type=None):
+ import params
+
+ ranger_home = params.ranger_home
+ cred_lib_path = params.cred_lib_path
+
+ if not is_empty(params.ranger_credential_provider_path):
+ ranger_credential_helper(cred_lib_path, params.ranger_jpa_jdbc_credential_alias, params.ranger_ambari_db_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password):
+ ranger_credential_helper(cred_lib_path, params.ranger_jpa_audit_jdbc_credential_alias, params.ranger_ambari_audit_db_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if params.ranger_auth_method.upper() == "LDAP":
+ ranger_credential_helper(params.cred_lib_path, params.ranger_ldap_password_alias, params.ranger_ldap_bind_auth_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if params.ranger_auth_method.upper() == "ACTIVE_DIRECTORY":
+ ranger_credential_helper(params.cred_lib_path, params.ranger_ad_password_alias, params.ranger_ad_bind_auth_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ if params.stack_supports_secure_ssl_password:
+ ranger_credential_helper(params.cred_lib_path, params.ranger_truststore_alias, params.truststore_password, params.ranger_credential_provider_path)
+
+ if params.https_enabled and not params.http_enabled:
+ ranger_credential_helper(params.cred_lib_path, params.ranger_https_keystore_alias, params.https_keystore_password, params.ranger_credential_provider_path)
+
+ File(params.ranger_credential_provider_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+def password_validation(password):
+ import params
+ if password.strip() == "":
+ raise Fail("Blank password is not allowed for Bind user. Please enter valid password.")
+ if re.search("[\\\`'\"]",password):
+ raise Fail("LDAP/AD bind password contains one of the unsupported special characters like \" ' \ `")
+ else:
+ Logger.info("password validated")
+
+def copy_jdbc_connector(stack_version=None):
+ import params
+
+ if params.jdbc_jar_name is None and params.driver_curl_source.endswith("/None"):
+ error_message = format("{db_flavor} jdbc driver cannot be downloaded from {jdk_location}\nPlease run 'ambari-server setup --jdbc-db={db_flavor} --jdbc-driver={{path_to_jdbc}}' on ambari-server host.")
+ raise Fail(error_message)
+
+ if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
+ if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
+ File(params.previous_jdbc_jar, action='delete')
+
+ File(params.downloaded_custom_connector,
+ content = DownloadSource(params.driver_curl_source),
+ mode = 0644
+ )
+
+ ranger_home = params.ranger_home
+ if stack_version is not None:
+ ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
+
+ driver_curl_target = format("{ranger_home}/ews/lib/{jdbc_jar_name}")
+
+ if params.db_flavor.lower() == 'sqla':
+ Execute(('tar', '-xvf', params.downloaded_custom_connector, '-C', params.tmp_dir), sudo = True)
+
+ Execute(('cp', '--remove-destination', params.jar_path_in_archive, os.path.join(ranger_home, 'ews', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(os.path.join(ranger_home, 'ews', 'lib', 'sajdbc4.jar'), mode=0644)
+
+ Directory(params.jdbc_libs_dir,
+ cd_access="a",
+ create_parents=True)
+
+ Execute(as_sudo(['yes', '|', 'cp', params.libs_path_in_archive, params.jdbc_libs_dir], auto_escape=False),
+ path=["/bin", "/usr/bin/"])
+ else:
+ Execute(('cp', '--remove-destination', params.downloaded_custom_connector, os.path.join(ranger_home, 'ews', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(os.path.join(ranger_home, 'ews', 'lib',params.jdbc_jar_name), mode=0644)
+
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = params.config['configurations']['admin-properties'],
+ owner = params.unix_user,
+ )
+
+ if params.db_flavor.lower() == 'sqla':
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{ranger_home}/ews/lib/sajdbc4.jar')},
+ owner = params.unix_user,
+ )
+ else:
+ ModifyPropertiesFile(format("{ranger_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')},
+ owner = params.unix_user,
+ )
+
+def setup_usersync(upgrade_type=None):
+ import params
+
+ usersync_home = params.usersync_home
+ ranger_home = params.ranger_home
+ ranger_ugsync_conf = params.ranger_ugsync_conf
+
+ if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+ password_validation(params.ranger_usersync_ldap_ldapbindpassword)
+
+ Directory(params.ranger_pid_dir,
+ mode=0755,
+ owner = params.unix_user,
+ group = params.user_group,
+ cd_access = "a",
+ create_parents=True
+ )
+
+ if params.stack_supports_pid:
+ File(format('{ranger_ugsync_conf}/ranger-usersync-env-piddir.sh'),
+ content = format("export USERSYNC_PID_DIR_PATH={ranger_pid_dir}\nexport UNIX_USERSYNC_USER={unix_user}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(params.usersync_log_dir,
+ owner = params.unix_user,
+ group = params.unix_group,
+ cd_access = 'a',
+ create_parents=True,
+ mode=0755,
+ recursive_ownership = True
+ )
+
+ File(format('{ranger_ugsync_conf}/ranger-usersync-env-logdir.sh'),
+ content = format("export logdir={usersync_log_dir}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(format("{ranger_ugsync_conf}/"),
+ owner = params.unix_user
+ )
+
+ if upgrade_type is not None:
+ src_file = format('{usersync_home}/conf.dist/ranger-ugsync-default.xml')
+ dst_file = format('{usersync_home}/conf/ranger-ugsync-default.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ if params.stack_supports_ranger_log4j:
+ File(format('{usersync_home}/conf/log4j.properties'),
+ owner=params.unix_user,
+ group=params.unix_group,
+ content=InlineTemplate(params.usersync_log4j),
+ mode=0644
+ )
+ elif upgrade_type is not None and not params.stack_supports_ranger_log4j:
+ src_file = format('{usersync_home}/conf.dist/log4j.xml')
+ dst_file = format('{usersync_home}/conf/log4j.xml')
+ Execute(('cp', '-f', src_file, dst_file), sudo=True)
+
+ # remove plain-text password from xml configs
+ ranger_ugsync_site_copy = {}
+ ranger_ugsync_site_copy.update(params.config['configurations']['ranger-ugsync-site'])
+ for prop in params.ranger_usersync_password_properties:
+ if prop in ranger_ugsync_site_copy:
+ ranger_ugsync_site_copy[prop] = "_"
+
+ XmlConfig("ranger-ugsync-site.xml",
+ conf_dir=ranger_ugsync_conf,
+ configurations=ranger_ugsync_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-ugsync-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ if os.path.isfile(params.ranger_ugsync_default_file):
+ File(params.ranger_ugsync_default_file, owner=params.unix_user, group=params.unix_group)
+
+ if os.path.isfile(params.usgsync_log4j_file):
+ File(params.usgsync_log4j_file, owner=params.unix_user, group=params.unix_group)
+
+ if os.path.isfile(params.cred_validator_file):
+ File(params.cred_validator_file, group=params.unix_group, mode=04555)
+
+ ranger_credential_helper(params.ugsync_cred_lib, 'usersync.ssl.key.password', params.ranger_usersync_keystore_password, params.ugsync_jceks_path)
+
+ if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+ ranger_credential_helper(params.ugsync_cred_lib, 'ranger.usersync.ldap.bindalias', params.ranger_usersync_ldap_ldapbindpassword, params.ugsync_jceks_path)
+
+ ranger_credential_helper(params.ugsync_cred_lib, 'usersync.ssl.truststore.password', params.ranger_usersync_truststore_password, params.ugsync_jceks_path)
+
+ File(params.ugsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ File([params.usersync_start, params.usersync_stop],
+ owner = params.unix_user,
+ group = params.unix_group
+ )
+
+ File(params.usersync_services_file,
+ mode = 0755,
+ )
+
+ Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
+ not_if=format("ls /usr/bin/ranger-usersync"),
+ only_if=format("ls {usersync_services_file}"),
+ sudo=True)
+
+ if not os.path.isfile(params.ranger_usersync_keystore_file):
+ cmd = format("{java_home}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned -keystore '{ranger_usersync_keystore_file}' -keypass {ranger_usersync_keystore_password!p} -storepass {ranger_usersync_keystore_password!p} -validity 3600 -keysize 2048 -dname '{default_dn_name}'")
+
+ Execute(cmd, logoutput=True, user = params.unix_user)
+
+ File(params.ranger_usersync_keystore_file,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ create_core_site_xml(ranger_ugsync_conf)
+
+def setup_tagsync(upgrade_type=None):
+ import params
+
+ ranger_tagsync_home = params.ranger_tagsync_home
+ ranger_home = params.ranger_home
+ ranger_tagsync_conf = params.ranger_tagsync_conf
+
+ Directory(format("{ranger_tagsync_conf}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ create_parents = True
+ )
+
+ Directory(params.ranger_pid_dir,
+ mode=0755,
+ create_parents=True,
+ owner = params.unix_user,
+ group = params.user_group,
+ cd_access = "a",
+ )
+
+ if params.stack_supports_pid:
+ File(format('{ranger_tagsync_conf}/ranger-tagsync-env-piddir.sh'),
+ content = format("export TAGSYNC_PID_DIR_PATH={ranger_pid_dir}\nexport UNIX_TAGSYNC_USER={unix_user}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ Directory(params.tagsync_log_dir,
+ create_parents = True,
+ owner = params.unix_user,
+ group = params.unix_group,
+ cd_access = "a",
+ mode=0755
+ )
+
+ File(format('{ranger_tagsync_conf}/ranger-tagsync-env-logdir.sh'),
+ content = format("export RANGER_TAGSYNC_LOG_DIR={tagsync_log_dir}"),
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode=0755
+ )
+
+ XmlConfig("ranger-tagsync-site.xml",
+ conf_dir=ranger_tagsync_conf,
+ configurations=params.config['configurations']['ranger-tagsync-site'],
+ configuration_attributes=params.config['configuration_attributes']['ranger-tagsync-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Stack supports tagsync-ssl configurations, performing the same.")
+ setup_tagsync_ssl_configs()
+ else:
+ Logger.info("Stack doesnt support tagsync-ssl configurations, skipping the same.")
+
+ PropertiesFile(format('{ranger_tagsync_conf}/atlas-application.properties'),
+ properties = params.tagsync_application_properties,
+ mode=0755,
+ owner=params.unix_user,
+ group=params.unix_group
+ )
+
+ File(format('{ranger_tagsync_conf}/log4j.properties'),
+ owner=params.unix_user,
+ group=params.unix_group,
+ content=InlineTemplate(params.tagsync_log4j),
+ mode=0644
+ )
+
+ File(params.tagsync_services_file,
+ mode = 0755,
+ )
+
+ Execute(('ln','-sf', format('{tagsync_services_file}'),'/usr/bin/ranger-tagsync'),
+ not_if=format("ls /usr/bin/ranger-tagsync"),
+ only_if=format("ls {tagsync_services_file}"),
+ sudo=True)
+
+ create_core_site_xml(ranger_tagsync_conf)
+
+def ranger_credential_helper(lib_path, alias_key, alias_value, file_path):
+ import params
+
+ java_bin = format('{java_home}/bin/java')
+ file_path = format('jceks://file{file_path}')
+ cmd = (java_bin, '-cp', lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', alias_key, '-value', PasswordString(alias_value), '-provider', file_path)
+ Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+def create_core_site_xml(conf_dir):
+ import params
+
+ if params.stack_supports_ranger_kerberos:
+ if params.has_namenode:
+ XmlConfig("core-site.xml",
+ conf_dir=conf_dir,
+ configurations=params.config['configurations']['core-site'],
+ configuration_attributes=params.config['configuration_attributes']['core-site'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+ else:
+ Logger.warning('HDFS service not installed. Creating core-site.xml file.')
+ XmlConfig("core-site.xml",
+ conf_dir=conf_dir,
+ configurations=params.core_site_property,
+ configuration_attributes={},
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+def setup_ranger_audit_solr():
+ import params
+
+ if params.security_enabled and params.stack_supports_ranger_kerberos:
+
+ if params.solr_jaas_file is not None:
+ File(format("{solr_jaas_file}"),
+ content=Template("ranger_solr_jaas_conf.j2"),
+ owner=params.unix_user
+ )
+ try:
+ check_znode()
+
+ if params.stack_supports_ranger_solr_configs:
+ Logger.info('Solr configrations supported,creating solr-configurations.')
+ File(format("{ranger_solr_conf}/solrconfig.xml"),
+ content=InlineTemplate(params.ranger_solr_config_content),
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644
+ )
+
+ solr_cloud_util.upload_configuration_to_zk(
+ zookeeper_quorum = params.zookeeper_quorum,
+ solr_znode = params.solr_znode,
+ config_set = params.ranger_solr_config_set,
+ config_set_dir = params.ranger_solr_conf,
+ tmp_dir = params.tmp_dir,
+ java64_home = params.java_home,
+ solrconfig_content = InlineTemplate(params.ranger_solr_config_content),
+ jaas_file=params.solr_jaas_file,
+ retry=30, interval=5
+ )
+
+ else:
+ Logger.info('Solr configrations not supported, skipping solr-configurations.')
+ solr_cloud_util.upload_configuration_to_zk(
+ zookeeper_quorum = params.zookeeper_quorum,
+ solr_znode = params.solr_znode,
+ config_set = params.ranger_solr_config_set,
+ config_set_dir = params.ranger_solr_conf,
+ tmp_dir = params.tmp_dir,
+ java64_home = params.java_home,
+ jaas_file=params.solr_jaas_file,
+ retry=30, interval=5)
+
+ if params.security_enabled and params.has_infra_solr \
+ and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos:
+
+ solr_cloud_util.add_solr_roles(params.config,
+ roles = [params.infra_solr_role_ranger_admin, params.infra_solr_role_ranger_audit, params.infra_solr_role_dev],
+ new_service_principals = [params.ranger_admin_jaas_principal])
+ service_default_principals_map = [('hdfs', 'nn'), ('hbase', 'hbase'), ('hive', 'hive'), ('kafka', 'kafka'), ('kms', 'rangerkms'),
+ ('knox', 'knox'), ('nifi', 'nifi'), ('storm', 'storm'), ('yanr', 'yarn')]
+ service_principals = get_ranger_plugin_principals(service_default_principals_map)
+ solr_cloud_util.add_solr_roles(params.config,
+ roles = [params.infra_solr_role_ranger_audit, params.infra_solr_role_dev],
+ new_service_principals = service_principals)
+
+
+ solr_cloud_util.create_collection(
+ zookeeper_quorum = params.zookeeper_quorum,
+ solr_znode = params.solr_znode,
+ collection = params.ranger_solr_collection_name,
+ config_set = params.ranger_solr_config_set,
+ java64_home = params.java_home,
+ shards = params.ranger_solr_shards,
+ replication_factor = int(params.replication_factor),
+ jaas_file = params.solr_jaas_file)
+
+ if params.security_enabled and params.has_infra_solr \
+ and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos:
+ secure_znode(format('{solr_znode}/configs/{ranger_solr_config_set}'), params.solr_jaas_file)
+ secure_znode(format('{solr_znode}/collections/{ranger_solr_collection_name}'), params.solr_jaas_file)
+ except ExecutionFailed as execution_exception:
+ Logger.error('Error when configuring Solr for Ranger, Kindly check Solr/Zookeeper services to be up and running:\n {0}'.format(execution_exception))
+
+def setup_ranger_admin_passwd_change():
+ import params
+
+ if params.admin_password != params.default_admin_password:
+ cmd = format('ambari-python-wrap {ranger_home}/db_setup.py -changepassword {admin_username} {default_admin_password!p} {admin_password!p}')
+ Logger.info('Updating admin password')
+ Execute(cmd, environment={'JAVA_HOME': params.java_home, 'RANGER_ADMIN_HOME': params.ranger_home}, user=params.unix_user)
+
+@retry(times=10, sleep_time=5, err_class=Fail)
+def check_znode():
+ import params
+ solr_cloud_util.check_znode(
+ zookeeper_quorum=params.zookeeper_quorum,
+ solr_znode=params.solr_znode,
+ java64_home=params.java_home)
+
+def secure_znode(znode, jaasFile):
+ import params
+ solr_cloud_util.secure_znode(config=params.config, zookeeper_quorum=params.zookeeper_quorum,
+ solr_znode=znode,
+ jaas_file=jaasFile,
+ java64_home=params.java_home, sasl_users=[params.ranger_admin_jaas_principal])
+
+def get_ranger_plugin_principals(services_defaults_tuple_list):
+ """
+ Get ranger plugin user principals from service-default value maps using ranger-*-audit configurations
+ """
+ import params
+ user_principals = []
+ if len(services_defaults_tuple_list) < 1:
+ raise Exception("Services - defaults map parameter is missing.")
+
+ for (service, default_value) in services_defaults_tuple_list:
+ user_principal = default(format("configurations/ranger-{service}-audit/xasecure.audit.jaas.Client.option.principal"), default_value)
+ user_principals.append(user_principal)
+ return user_principals
+
+
+def setup_tagsync_ssl_configs():
+ import params
+ Directory(params.security_store_path,
+ cd_access="a",
+ create_parents=True)
+
+ Directory(params.tagsync_etc_path,
+ cd_access="a",
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0775,
+ create_parents=True)
+
+ # remove plain-text password from xml configs
+ ranger_tagsync_policymgr_ssl_copy = {}
+ ranger_tagsync_policymgr_ssl_copy.update(params.config['configurations']['ranger-tagsync-policymgr-ssl'])
+ for prop in params.ranger_tagsync_password_properties:
+ if prop in ranger_tagsync_policymgr_ssl_copy:
+ ranger_tagsync_policymgr_ssl_copy[prop] = "_"
+
+ XmlConfig("ranger-policymgr-ssl.xml",
+ conf_dir=params.ranger_tagsync_conf,
+ configurations=ranger_tagsync_policymgr_ssl_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-tagsync-policymgr-ssl'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.ranger_tagsync_keystore_password, params.ranger_tagsync_credential_file)
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.ranger_tagsync_truststore_password, params.ranger_tagsync_credential_file)
+
+ File(params.ranger_tagsync_credential_file,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ # remove plain-text password from xml configs
+ atlas_tagsync_ssl_copy = {}
+ atlas_tagsync_ssl_copy.update(params.config['configurations']['atlas-tagsync-ssl'])
+ for prop in params.ranger_tagsync_password_properties:
+ if prop in atlas_tagsync_ssl_copy:
+ atlas_tagsync_ssl_copy[prop] = "_"
+
+ XmlConfig("atlas-tagsync-ssl.xml",
+ conf_dir=params.ranger_tagsync_conf,
+ configurations=atlas_tagsync_ssl_copy,
+ configuration_attributes=params.config['configuration_attributes']['atlas-tagsync-ssl'],
+ owner=params.unix_user,
+ group=params.unix_group,
+ mode=0644)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.atlas_tagsync_keystore_password, params.atlas_tagsync_credential_file)
+ ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.atlas_tagsync_truststore_password, params.atlas_tagsync_credential_file)
+
+ File(params.atlas_tagsync_credential_file,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+ Logger.info("Configuring tagsync-ssl configurations done successfully.")
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/status_params.py
new file mode 100644
index 0000000..842430b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/status_params.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions import StackFeature
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+
+upgrade_marker_file = format("{tmp_dir}/rangeradmin_ru.inprogress")
+ranger_pid_dir = config['configurations']['ranger-env']['ranger_pid_dir']
+tagsync_pid_file = format('{ranger_pid_dir}/tagsync.pid')
+stack_name = default("/hostLevelParams/stack_name", None)
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+ranger_admin_pid_file = format('{ranger_pid_dir}/rangeradmin.pid')
+ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid')
+stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_PID_SUPPORT, stack_version_formatted)
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/upgrade.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/upgrade.py
new file mode 100644
index 0000000..a07a1fd
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/upgrade.py
@@ -0,0 +1,31 @@
+
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.resources.system import Execute
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions.format import format
+
+def prestart(env, stack_component):
+ import params
+
+ if params.version and params.stack_supports_rolling_upgrade:
+ conf_select.select(params.stack_name, stack_component, params.version)
+ stack_select.select(stack_component, params.version)
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/input.config-ranger.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/input.config-ranger.json.j2 b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/input.config-ranger.json.j2
new file mode 100644
index 0000000..6c5bb1f
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/input.config-ranger.json.j2
@@ -0,0 +1,79 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+{
+ "input":[
+ {
+ "type":"ranger_admin",
+ "rowtype":"service",
+ "path":"{{default('/configurations/ranger-env/ranger_admin_log_dir', '/var/log/ranger/admin')}}/xa_portal.log"
+ },
+ {
+ "type":"ranger_dbpatch",
+ "is_enabled":"true",
+ "path":"{{default('/configurations/ranger-env/ranger_admin_log_dir', '/var/log/ranger/admin')}}/ranger_db_patch.log"
+ },
+ {
+ "type":"ranger_usersync",
+ "rowtype":"service",
+ "path":"{{default('/configurations/ranger-env/ranger_usersync_log_dir', '/var/log/ranger/usersync')}}/usersync.log"
+ }
+ ],
+ "filter":[
+ {
+ "filter":"grok",
+ "conditions":{
+ "fields":{
+ "type":[
+ "ranger_admin",
+ "ranger_dbpatch"
+ ]
+ }
+ },
+ "log4j_format":"%d [%t] %-5p %C{6} (%F:%L) - %m%n",
+ "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})",
+ "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}\\[%{DATA:thread_name}\\]%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}\\(%{JAVAFILE:file}:%{INT:line_number}\\)%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
+ "post_map_values":{
+ "logtime":{
+ "map_date":{
+ "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS"
+ }
+ }
+ }
+ },
+ {
+ "filter":"grok",
+ "conditions":{
+ "fields":{
+ "type":[
+ "ranger_usersync"
+ ]
+ }
+ },
+ "log4j_format":"%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n",
+ "multiline_pattern":"^(%{USER_SYNC_DATE:logtime})",
+ "message_pattern":"(?m)^%{USER_SYNC_DATE:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}\\[%{DATA:thread_name}\\]%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
+ "post_map_values":{
+ "logtime":{
+ "map_date":{
+ "target_date_pattern":"dd MMM yyyy HH:mm:ss"
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_admin_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_admin_pam.j2 b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_admin_pam.j2
new file mode 100644
index 0000000..d69ad6c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_admin_pam.j2
@@ -0,0 +1,22 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth sufficient pam_sss.so
+account sufficient pam_unix.so
+account sufficient pam_sss.so
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_remote_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_remote_pam.j2 b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_remote_pam.j2
new file mode 100644
index 0000000..d69ad6c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_remote_pam.j2
@@ -0,0 +1,22 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+#%PAM-1.0
+auth sufficient pam_unix.so
+auth sufficient pam_sss.so
+account sufficient pam_unix.so
+account sufficient pam_sss.so
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_solr_jaas_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_solr_jaas_conf.j2 b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_solr_jaas_conf.j2
new file mode 100644
index 0000000..a456688
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/templates/ranger_solr_jaas_conf.j2
@@ -0,0 +1,26 @@
+{#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#}
+
+Client {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ storeKey=true
+ useTicketCache=false
+ keyTab="{{solr_kerberos_keytab}}"
+ principal="{{solr_kerberos_principal}}";
+};
\ No newline at end of file
[15/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/params.py
deleted file mode 100644
index 094d239..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/params.py
+++ /dev/null
@@ -1,448 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-import os
-from resource_management.libraries.script import Script
-from resource_management.libraries.functions.version import format_stack_version
-from resource_management.libraries.functions.format import format
-from resource_management.libraries.functions.default import default
-from resource_management.libraries.functions.is_empty import is_empty
-from resource_management.libraries.functions.constants import Direction
-from resource_management.libraries.functions.stack_features import check_stack_feature
-from resource_management.libraries.functions.stack_features import get_stack_feature_version
-from resource_management.libraries.functions import StackFeature
-from resource_management.libraries.functions.get_bare_principal import get_bare_principal
-
-# a map of the Ambari role to the component name
-# for use with <stack-root>/current/<component>
-SERVER_ROLE_DIRECTORY_MAP = {
- 'RANGER_ADMIN' : 'ranger-admin',
- 'RANGER_USERSYNC' : 'ranger-usersync',
- 'RANGER_TAGSYNC' : 'ranger-tagsync'
-}
-
-component_directory = Script.get_component_from_role(SERVER_ROLE_DIRECTORY_MAP, "RANGER_ADMIN")
-
-config = Script.get_config()
-tmp_dir = Script.get_tmp_dir()
-stack_root = Script.get_stack_root()
-
-stack_name = default("/hostLevelParams/stack_name", None)
-version = default("/commandParams/version", None)
-
-stack_version_unformatted = config['hostLevelParams']['stack_version']
-stack_version_formatted = format_stack_version(stack_version_unformatted)
-
-upgrade_marker_file = format("{tmp_dir}/rangeradmin_ru.inprogress")
-
-xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
-
-create_db_dbuser = config['configurations']['ranger-env']['create_db_dbuser']
-
-# get the correct version to use for checking stack features
-version_for_stack_feature_checks = get_stack_feature_version(config)
-
-stack_supports_rolling_upgrade = check_stack_feature(StackFeature.ROLLING_UPGRADE, version_for_stack_feature_checks)
-stack_supports_config_versioning = check_stack_feature(StackFeature.CONFIG_VERSIONING, version_for_stack_feature_checks)
-stack_supports_usersync_non_root = check_stack_feature(StackFeature.RANGER_USERSYNC_NON_ROOT, version_for_stack_feature_checks)
-stack_supports_ranger_tagsync = check_stack_feature(StackFeature.RANGER_TAGSYNC_COMPONENT, version_for_stack_feature_checks)
-stack_supports_ranger_audit_db = check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, version_for_stack_feature_checks)
-stack_supports_ranger_log4j = check_stack_feature(StackFeature.RANGER_LOG4J_SUPPORT, version_for_stack_feature_checks)
-stack_supports_ranger_kerberos = check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, version_for_stack_feature_checks)
-stack_supports_usersync_passwd = check_stack_feature(StackFeature.RANGER_USERSYNC_PASSWORD_JCEKS, version_for_stack_feature_checks)
-stack_supports_infra_client = check_stack_feature(StackFeature.RANGER_INSTALL_INFRA_CLIENT, version_for_stack_feature_checks)
-stack_supports_pid = check_stack_feature(StackFeature.RANGER_PID_SUPPORT, version_for_stack_feature_checks)
-stack_supports_ranger_admin_password_change = check_stack_feature(StackFeature.RANGER_ADMIN_PASSWD_CHANGE, version_for_stack_feature_checks)
-stack_supports_ranger_setup_db_on_start = check_stack_feature(StackFeature.RANGER_SETUP_DB_ON_START, version_for_stack_feature_checks)
-stack_supports_ranger_tagsync_ssl_xml_support = check_stack_feature(StackFeature.RANGER_TAGSYNC_SSL_XML_SUPPORT, version_for_stack_feature_checks)
-stack_supports_ranger_solr_configs = check_stack_feature(StackFeature.RANGER_SOLR_CONFIG_SUPPORT, version_for_stack_feature_checks)
-stack_supports_secure_ssl_password = check_stack_feature(StackFeature.SECURE_RANGER_SSL_PASSWORD, version_for_stack_feature_checks)
-
-downgrade_from_version = default("/commandParams/downgrade_from_version", None)
-upgrade_direction = default("/commandParams/upgrade_direction", None)
-
-ranger_conf = '/etc/ranger/admin/conf'
-ranger_ugsync_conf = '/etc/ranger/usersync/conf'
-ranger_tagsync_home = format('{stack_root}/current/ranger-tagsync')
-ranger_tagsync_conf = format('{stack_root}/current/ranger-tagsync/conf')
-tagsync_bin = '/usr/bin/ranger-tagsync'
-tagsync_services_file = format('{stack_root}/current/ranger-tagsync/ranger-tagsync-services.sh')
-security_store_path = '/etc/security/serverKeys'
-tagsync_etc_path = '/etc/ranger/tagsync/'
-ranger_tagsync_credential_file= os.path.join(tagsync_etc_path,'rangercred.jceks')
-atlas_tagsync_credential_file= os.path.join(tagsync_etc_path,'atlascred.jceks')
-ranger_tagsync_keystore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']
-ranger_tagsync_truststore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']
-atlas_tagsync_keystore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.keystore.password']
-atlas_tagsync_truststore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.truststore.password']
-
-if upgrade_direction == Direction.DOWNGRADE and version and not check_stack_feature(StackFeature.CONFIG_VERSIONING, version):
- stack_supports_rolling_upgrade = True
- stack_supports_config_versioning = False
-
-if upgrade_direction == Direction.DOWNGRADE and version and not check_stack_feature(StackFeature.RANGER_USERSYNC_NON_ROOT, version):
- stack_supports_usersync_non_root = False
-
-if stack_supports_rolling_upgrade:
- ranger_home = format('{stack_root}/current/ranger-admin')
- ranger_conf = '/etc/ranger/admin/conf'
- ranger_stop = '/usr/bin/ranger-admin-stop'
- ranger_start = '/usr/bin/ranger-admin-start'
- usersync_home = format('{stack_root}/current/ranger-usersync')
- usersync_start = '/usr/bin/ranger-usersync-start'
- usersync_stop = '/usr/bin/ranger-usersync-stop'
- ranger_ugsync_conf = '/etc/ranger/usersync/conf'
-
-if stack_supports_config_versioning:
- ranger_conf = format('{stack_root}/current/ranger-admin/conf')
- ranger_ugsync_conf = format('{stack_root}/current/ranger-usersync/conf')
-
-if stack_supports_ranger_tagsync:
- ranger_tagsync_home = format('{stack_root}/current/ranger-tagsync')
- tagsync_bin = '/usr/bin/ranger-tagsync'
- ranger_tagsync_conf = format('{stack_root}/current/ranger-tagsync/conf')
- tagsync_services_file = format('{stack_root}/current/ranger-tagsync/ranger-tagsync-services.sh')
-
-usersync_services_file = format('{stack_root}/current/ranger-usersync/ranger-usersync-services.sh')
-
-java_home = config['hostLevelParams']['java_home']
-unix_user = config['configurations']['ranger-env']['ranger_user']
-unix_group = config['configurations']['ranger-env']['ranger_group']
-ranger_pid_dir = default("/configurations/ranger-env/ranger_pid_dir", "/var/run/ranger")
-usersync_log_dir = default("/configurations/ranger-env/ranger_usersync_log_dir", "/var/log/ranger/usersync")
-admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir", "/var/log/ranger/admin")
-ranger_admin_default_file = format('{ranger_conf}/ranger-admin-default-site.xml')
-security_app_context_file = format('{ranger_conf}/security-applicationContext.xml')
-ranger_ugsync_default_file = format('{ranger_ugsync_conf}/ranger-ugsync-default.xml')
-usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.xml')
-if stack_supports_ranger_log4j:
- usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.properties')
-cred_validator_file = format('{usersync_home}/native/credValidator.uexe')
-
-ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
-
-db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
-usersync_exturl = config['configurations']['admin-properties']['policymgr_external_url']
-if usersync_exturl.endswith('/'):
- usersync_exturl = usersync_exturl.rstrip('/')
-ranger_host = config['clusterHostInfo']['ranger_admin_hosts'][0]
-ugsync_host = 'localhost'
-usersync_host_info = config['clusterHostInfo']['ranger_usersync_hosts']
-if not is_empty(usersync_host_info) and len(usersync_host_info) > 0:
- ugsync_host = config['clusterHostInfo']['ranger_usersync_hosts'][0]
-ranger_external_url = config['configurations']['admin-properties']['policymgr_external_url']
-if ranger_external_url.endswith('/'):
- ranger_external_url = ranger_external_url.rstrip('/')
-ranger_db_name = config['configurations']['admin-properties']['db_name']
-ranger_auditdb_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
-
-sql_command_invoker = config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
-db_root_user = config['configurations']['admin-properties']['db_root_user']
-db_root_password = unicode(config['configurations']['admin-properties']['db_root_password'])
-db_host = config['configurations']['admin-properties']['db_host']
-ranger_db_user = config['configurations']['admin-properties']['db_user']
-ranger_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
-ranger_db_password = unicode(config['configurations']['admin-properties']['db_password'])
-
-#ranger-env properties
-oracle_home = default("/configurations/ranger-env/oracle_home", "-")
-
-#For curl command in ranger to get db connector
-jdk_location = config['hostLevelParams']['jdk_location']
-java_share_dir = '/usr/share/java'
-jdbc_jar_name = None
-previous_jdbc_jar_name = None
-if db_flavor.lower() == 'mysql':
- jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:mysql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
- jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform"
-elif db_flavor.lower() == 'oracle':
- jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform"
- colon_count = db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- audit_jdbc_url = format('jdbc:oracle:thin:@{db_host}') if stack_supports_ranger_audit_db else None
- else:
- audit_jdbc_url = format('jdbc:oracle:thin:@//{db_host}') if stack_supports_ranger_audit_db else None
-elif db_flavor.lower() == 'postgres':
- jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- audit_jdbc_url = format('jdbc:postgresql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
- jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
-elif db_flavor.lower() == 'mssql':
- jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
- jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform"
-elif db_flavor.lower() == 'sqla':
- jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlanywhere:database={ranger_auditdb_name};host={db_host}') if stack_supports_ranger_audit_db else None
- jdbc_dialect = "org.eclipse.persistence.platform.database.SQLAnywherePlatform"
-
-downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
-
-driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
-driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
-previous_jdbc_jar = format("{java_share_dir}/{previous_jdbc_jar_name}")
-if stack_supports_config_versioning:
- driver_curl_target = format("{ranger_home}/ews/lib/{jdbc_jar_name}")
- previous_jdbc_jar = format("{ranger_home}/ews/lib/{previous_jdbc_jar_name}")
-
-if db_flavor.lower() == 'sqla':
- downloaded_custom_connector = format("{tmp_dir}/sqla-client-jdbc.tar.gz")
- jar_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/java/sajdbc4.jar")
- libs_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/native/lib64/*")
- jdbc_libs_dir = format("{ranger_home}/native/lib64")
- ld_lib_path = format("{jdbc_libs_dir}")
-
-#for db connection
-check_db_connection_jar_name = "DBConnectionVerification.jar"
-check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}")
-ranger_jdbc_connection_url = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.url"]
-ranger_jdbc_driver = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.driver"]
-
-ranger_credential_provider_path = config["configurations"]["ranger-admin-site"]["ranger.credential.provider.path"]
-ranger_jpa_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.credential.alias"]
-ranger_ambari_db_password = unicode(config["configurations"]["admin-properties"]["db_password"])
-
-ranger_jpa_audit_jdbc_credential_alias = default('/configurations/ranger-admin-site/ranger.jpa.audit.jdbc.credential.alias', 'rangeraudit')
-ranger_ambari_audit_db_password = ''
-if not is_empty(config["configurations"]["admin-properties"]["audit_db_password"]) and stack_supports_ranger_audit_db:
- ranger_ambari_audit_db_password = unicode(config["configurations"]["admin-properties"]["audit_db_password"])
-
-ugsync_jceks_path = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.credstore.filename"]
-ugsync_cred_lib = os.path.join(usersync_home,"lib","*")
-cred_lib_path = os.path.join(ranger_home,"cred","lib","*")
-cred_setup_prefix = (format('{ranger_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
-ranger_audit_source_type = config["configurations"]["ranger-admin-site"]["ranger.audit.source.type"]
-
-if xml_configurations_supported:
- ranger_usersync_keystore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.password"])
- ranger_usersync_ldap_ldapbindpassword = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.ldapbindpassword"])
- ranger_usersync_truststore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.truststore.password"])
- ranger_usersync_keystore_file = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.file"]
- default_dn_name = 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
-
-ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts']
-is_ranger_ha_enabled = True if len(ranger_admin_hosts) > 1 else False
-ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.url"]
-ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
-ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
-ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
-ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
-ug_sync_source = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.source.impl.class"]
-current_host = config['hostname']
-if current_host in ranger_admin_hosts:
- ranger_host = current_host
-
-# ranger-tagsync
-ranger_tagsync_hosts = default("/clusterHostInfo/ranger_tagsync_hosts", [])
-has_ranger_tagsync = len(ranger_tagsync_hosts) > 0
-
-tagsync_log_dir = default("/configurations/ranger-tagsync-site/ranger.tagsync.logdir", "/var/log/ranger/tagsync")
-tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.keystore.filename"]
-atlas_tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.source.atlasrest.keystore.filename"]
-tagsync_application_properties = dict(config["configurations"]["tagsync-application-properties"]) if has_ranger_tagsync else None
-tagsync_pid_file = format('{ranger_pid_dir}/tagsync.pid')
-tagsync_cred_lib = os.path.join(ranger_tagsync_home, "lib", "*")
-
-ranger_usersync_log_maxfilesize = default('/configurations/usersync-log4j/ranger_usersync_log_maxfilesize',256)
-ranger_usersync_log_maxbackupindex = default('/configurations/usersync-log4j/ranger_usersync_log_maxbackupindex',20)
-ranger_tagsync_log_maxfilesize = default('/configurations/tagsync-log4j/ranger_tagsync_log_maxfilesize',256)
-ranger_tagsync_log_number_of_backup_files = default('/configurations/tagsync-log4j/ranger_tagsync_log_number_of_backup_files',20)
-ranger_xa_log_maxfilesize = default('/configurations/admin-log4j/ranger_xa_log_maxfilesize',256)
-ranger_xa_log_maxbackupindex = default('/configurations/admin-log4j/ranger_xa_log_maxbackupindex',20)
-
-# ranger log4j.properties
-admin_log4j = config['configurations']['admin-log4j']['content']
-usersync_log4j = config['configurations']['usersync-log4j']['content']
-tagsync_log4j = config['configurations']['tagsync-log4j']['content']
-
-# ranger kerberos
-security_enabled = config['configurations']['cluster-env']['security_enabled']
-namenode_hosts = default("/clusterHostInfo/namenode_host", [])
-has_namenode = len(namenode_hosts) > 0
-
-ugsync_policymgr_alias = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.alias"]
-ugsync_policymgr_keystore = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.keystore"]
-
-# ranger solr
-audit_solr_enabled = default('/configurations/ranger-env/xasecure.audit.destination.solr', False)
-ranger_solr_config_set = config['configurations']['ranger-env']['ranger_solr_config_set']
-ranger_solr_collection_name = config['configurations']['ranger-env']['ranger_solr_collection_name']
-ranger_solr_shards = config['configurations']['ranger-env']['ranger_solr_shards']
-replication_factor = config['configurations']['ranger-env']['ranger_solr_replication_factor']
-ranger_solr_conf = format('{ranger_home}/contrib/solr_for_audit_setup/conf')
-infra_solr_hosts = default("/clusterHostInfo/infra_solr_hosts", [])
-has_infra_solr = len(infra_solr_hosts) > 0
-is_solrCloud_enabled = default('/configurations/ranger-env/is_solrCloud_enabled', False)
-is_external_solrCloud_enabled = default('/configurations/ranger-env/is_external_solrCloud_enabled', False)
-solr_znode = '/ranger_audits'
-if stack_supports_infra_client and is_solrCloud_enabled:
- solr_znode = default('/configurations/ranger-admin-site/ranger.audit.solr.zookeepers', 'NONE')
- if solr_znode != '' and solr_znode.upper() != 'NONE':
- solr_znode = solr_znode.split('/')
- if len(solr_znode) > 1 and len(solr_znode) == 2:
- solr_znode = solr_znode[1]
- solr_znode = format('/{solr_znode}')
- if has_infra_solr and not is_external_solrCloud_enabled:
- solr_znode = config['configurations']['infra-solr-env']['infra_solr_znode']
-solr_user = unix_user
-if has_infra_solr and not is_external_solrCloud_enabled:
- solr_user = default('/configurations/infra-solr-env/infra_solr_user', unix_user)
- infra_solr_role_ranger_admin = default('configurations/infra-solr-security-json/infra_solr_role_ranger_admin', 'ranger_user')
- infra_solr_role_ranger_audit = default('configurations/infra-solr-security-json/infra_solr_role_ranger_audit', 'ranger_audit_user')
- infra_solr_role_dev = default('configurations/infra-solr-security-json/infra_solr_role_dev', 'dev')
-custom_log4j = has_infra_solr and not is_external_solrCloud_enabled
-
-ranger_audit_max_retention_days = config['configurations']['ranger-solr-configuration']['ranger_audit_max_retention_days']
-ranger_audit_logs_merge_factor = config['configurations']['ranger-solr-configuration']['ranger_audit_logs_merge_factor']
-ranger_solr_config_content = config['configurations']['ranger-solr-configuration']['content']
-
-# get comma separated list of zookeeper hosts
-zookeeper_port = default('/configurations/zoo.cfg/clientPort', None)
-zookeeper_hosts = default("/clusterHostInfo/zookeeper_hosts", [])
-index = 0
-zookeeper_quorum = ""
-for host in zookeeper_hosts:
- zookeeper_quorum += host + ":" + str(zookeeper_port)
- index += 1
- if index < len(zookeeper_hosts):
- zookeeper_quorum += ","
-
-# solr kerberised
-solr_jaas_file = None
-is_external_solrCloud_kerberos = default('/configurations/ranger-env/is_external_solrCloud_kerberos', False)
-
-if security_enabled:
- if has_ranger_tagsync:
- ranger_tagsync_principal = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.principal']
- if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '':
- tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower())
- tagsync_keytab_path = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.keytab']
-
- if stack_supports_ranger_kerberos:
- ranger_admin_keytab = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.keytab']
- ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal']
- if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
- ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower())
- if stack_supports_infra_client and is_solrCloud_enabled and is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
- solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
- solr_kerberos_principal = ranger_admin_jaas_principal
- solr_kerberos_keytab = ranger_admin_keytab
- if stack_supports_infra_client and is_solrCloud_enabled and not is_external_solrCloud_enabled and not is_external_solrCloud_kerberos:
- solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
- solr_kerberos_principal = ranger_admin_jaas_principal
- solr_kerberos_keytab = ranger_admin_keytab
-
-# logic to create core-site.xml if hdfs not installed
-if stack_supports_ranger_kerberos and not has_namenode:
- core_site_property = {
- 'hadoop.security.authentication': 'kerberos' if security_enabled else 'simple'
- }
-
- if security_enabled:
- realm = 'EXAMPLE.COM'
- ranger_admin_bare_principal = 'rangeradmin'
- ranger_usersync_bare_principal = 'rangerusersync'
- ranger_tagsync_bare_principal = 'rangertagsync'
-
- ranger_usersync_principal = config['configurations']['ranger-ugsync-site']['ranger.usersync.kerberos.principal']
- if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
- ranger_admin_bare_principal = get_bare_principal(ranger_admin_principal)
- if not is_empty(ranger_usersync_principal) and ranger_usersync_principal != '':
- ranger_usersync_bare_principal = get_bare_principal(ranger_usersync_principal)
- realm = config['configurations']['kerberos-env']['realm']
-
- rule_dict = [
- {'principal': ranger_admin_bare_principal, 'user': unix_user},
- {'principal': ranger_usersync_bare_principal, 'user': 'rangerusersync'},
- ]
-
- if has_ranger_tagsync:
- if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '':
- ranger_tagsync_bare_principal = get_bare_principal(ranger_tagsync_principal)
- rule_dict.append({'principal': ranger_tagsync_bare_principal, 'user': 'rangertagsync'})
-
- core_site_auth_to_local_property = ''
- for item in range(len(rule_dict)):
- rule_line = 'RULE:[2:$1@$0]({0}@{1})s/.*/{2}/\n'.format(rule_dict[item]['principal'], realm, rule_dict[item]['user'])
- core_site_auth_to_local_property = rule_line + core_site_auth_to_local_property
-
- core_site_auth_to_local_property = core_site_auth_to_local_property + 'DEFAULT'
- core_site_property['hadoop.security.auth_to_local'] = core_site_auth_to_local_property
-
-upgrade_type = Script.get_upgrade_type(default("/commandParams/upgrade_type", ""))
-
-# ranger service pid
-user_group = config['configurations']['cluster-env']['user_group']
-ranger_admin_pid_file = format('{ranger_pid_dir}/rangeradmin.pid')
-ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid')
-
-# admin credential
-admin_username = config['configurations']['ranger-env']['admin_username']
-admin_password = config['configurations']['ranger-env']['admin_password']
-default_admin_password = 'admin'
-
-ranger_is_solr_kerberised = "false"
-if audit_solr_enabled and is_solrCloud_enabled:
- # Check internal solrCloud
- if security_enabled and not is_external_solrCloud_enabled:
- ranger_is_solr_kerberised = "true"
- # Check external solrCloud
- if is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
- ranger_is_solr_kerberised = "true"
-
-hbase_master_hosts = default("/clusterHostInfo/hbase_master_hosts", [])
-is_hbase_ha_enabled = True if len(hbase_master_hosts) > 1 else False
-is_namenode_ha_enabled = True if len(namenode_hosts) > 1 else False
-ranger_hbase_plugin_enabled = False
-ranger_hdfs_plugin_enabled = False
-
-
-if is_hbase_ha_enabled:
- if not is_empty(config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled']):
- ranger_hbase_plugin_enabled = config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes'
-if is_namenode_ha_enabled:
- if not is_empty(config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled']):
- ranger_hdfs_plugin_enabled = config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled'].lower() == 'yes'
-
-ranger_admin_password_properties = ['ranger.jpa.jdbc.password', 'ranger.jpa.audit.jdbc.password', 'ranger.ldap.bind.password', 'ranger.ldap.ad.bind.password']
-ranger_usersync_password_properties = ['ranger.usersync.ldap.ldapbindpassword']
-ranger_tagsync_password_properties = ['xasecure.policymgr.clientssl.keystore.password', 'xasecure.policymgr.clientssl.truststore.password']
-if stack_supports_secure_ssl_password:
- ranger_admin_password_properties.extend(['ranger.service.https.attrib.keystore.pass', 'ranger.truststore.password'])
- ranger_usersync_password_properties.extend(['ranger.usersync.keystore.password', 'ranger.usersync.truststore.password'])
-
-ranger_auth_method = config['configurations']['ranger-admin-site']['ranger.authentication.method']
-ranger_ldap_password_alias = default('/configurations/ranger-admin-site/ranger.ldap.binddn.credential.alias', 'ranger.ldap.bind.password')
-ranger_ad_password_alias = default('/configurations/ranger-admin-site/ranger.ldap.ad.binddn.credential.alias', 'ranger.ldap.ad.bind.password')
-ranger_https_keystore_alias = default('/configurations/ranger-admin-site/ranger.service.https.attrib.keystore.credential.alias', 'keyStoreCredentialAlias')
-ranger_truststore_alias = default('/configurations/ranger-admin-site/ranger.truststore.alias', 'trustStoreAlias')
-https_enabled = config['configurations']['ranger-admin-site']['ranger.service.https.attrib.ssl.enabled']
-http_enabled = config['configurations']['ranger-admin-site']['ranger.service.http.enabled']
-https_keystore_password = config['configurations']['ranger-admin-site']['ranger.service.https.attrib.keystore.pass']
-truststore_password = config['configurations']['ranger-admin-site']['ranger.truststore.password']
-
-# need this to capture cluster name for ranger tagsync
-cluster_name = config['clusterName']
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py
deleted file mode 100644
index b849d58..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_admin.py
+++ /dev/null
@@ -1,217 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-from resource_management.core.exceptions import Fail
-from resource_management.libraries.functions.check_process_status import check_process_status
-from resource_management.libraries.functions import stack_select
-from resource_management.libraries.functions import conf_select
-from resource_management.libraries.functions.constants import Direction
-from resource_management.libraries.script import Script
-from resource_management.core.resources.system import Execute, File
-from resource_management.core.exceptions import ComponentIsNotRunning
-from resource_management.libraries.functions.format import format
-from resource_management.core.logger import Logger
-from resource_management.core import shell
-from ranger_service import ranger_service
-from setup_ranger_xml import setup_ranger_audit_solr, setup_ranger_admin_passwd_change
-from resource_management.libraries.functions import solr_cloud_util
-from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
-from resource_management.libraries.functions.constants import Direction
-import upgrade
-import os, errno
-
-class RangerAdmin(Script):
-
- def get_component_name(self):
- return "ranger-admin"
-
- def install(self, env):
- self.install_packages(env)
- import params
- env.set_params(params)
- # call config and setup db only in case of HDP version < 2.6
- if not params.stack_supports_ranger_setup_db_on_start:
- self.configure(env, setup_db=True)
-
- def stop(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
- if params.stack_supports_rolling_upgrade and not params.stack_supports_config_versioning and os.path.isfile(format('{ranger_home}/ews/stop-ranger-admin.sh')):
- File(format('{ranger_home}/ews/stop-ranger-admin.sh'),
- owner=params.unix_user,
- group = params.unix_group
- )
-
- Execute(format('{params.ranger_stop}'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
- if params.stack_supports_pid:
- File(params.ranger_admin_pid_file,
- action = "delete"
- )
-
- def pre_upgrade_restart(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- upgrade.prestart(env, "ranger-admin")
-
- self.set_ru_rangeradmin_in_progress(params.upgrade_marker_file)
-
- def post_upgrade_restart(self,env, upgrade_type=None):
- import params
- env.set_params(params)
-
- if os.path.isfile(params.upgrade_marker_file):
- os.remove(params.upgrade_marker_file)
-
- def start(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- # setup db only if in case HDP version is > 2.6
- self.configure(env, upgrade_type=upgrade_type, setup_db=params.stack_supports_ranger_setup_db_on_start)
-
- if params.stack_supports_infra_client and params.audit_solr_enabled and params.is_solrCloud_enabled:
- solr_cloud_util.setup_solr_client(params.config, custom_log4j = params.custom_log4j)
- setup_ranger_audit_solr()
-
- ranger_service('ranger_admin')
-
-
- def status(self, env):
- import status_params
-
- env.set_params(status_params)
-
- if status_params.stack_supports_pid:
- check_process_status(status_params.ranger_admin_pid_file)
- return
-
- cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
- code, output = shell.call(cmd, timeout=20)
-
- if code != 0:
- if self.is_ru_rangeradmin_in_progress(status_params.upgrade_marker_file):
- Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
- else:
- Logger.debug('Ranger admin process not running')
- raise ComponentIsNotRunning()
- pass
-
- def configure(self, env, upgrade_type=None, setup_db=False):
- import params
- env.set_params(params)
- if params.xml_configurations_supported:
- from setup_ranger_xml import ranger
- else:
- from setup_ranger import ranger
-
- # set up db if we are not upgrading and setup_db is true
- if setup_db and upgrade_type is None:
- if params.xml_configurations_supported:
- from setup_ranger_xml import setup_ranger_db
- setup_ranger_db()
-
- ranger('ranger_admin', upgrade_type=upgrade_type)
-
- # set up java patches if we are not upgrading and setup_db is true
- if setup_db and upgrade_type is None:
- if params.xml_configurations_supported:
- from setup_ranger_xml import setup_java_patch
- setup_java_patch()
-
- if params.stack_supports_ranger_admin_password_change:
- setup_ranger_admin_passwd_change()
-
- def set_ru_rangeradmin_in_progress(self, upgrade_marker_file):
- config_dir = os.path.dirname(upgrade_marker_file)
- try:
- msg = "Starting Upgrade"
- if (not os.path.exists(config_dir)):
- os.makedirs(config_dir)
- ofp = open(upgrade_marker_file, 'w')
- ofp.write(msg)
- ofp.close()
- except OSError as exc:
- if exc.errno == errno.EEXIST and os.path.isdir(config_dir):
- pass
- else:
- raise
-
- def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
- return os.path.isfile(upgrade_marker_file)
-
- def setup_ranger_database(self, env):
- import params
- env.set_params(params)
-
- upgrade_stack = stack_select._get_upgrade_stack()
- if upgrade_stack is None:
- raise Fail('Unable to determine the stack and stack version')
-
- stack_version = upgrade_stack[1]
-
- if params.xml_configurations_supported and params.upgrade_direction == Direction.UPGRADE:
- Logger.info(format('Setting Ranger database schema, using version {stack_version}'))
-
- from setup_ranger_xml import setup_ranger_db
- setup_ranger_db(stack_version=stack_version)
-
- def setup_ranger_java_patches(self, env):
- import params
- env.set_params(params)
-
- upgrade_stack = stack_select._get_upgrade_stack()
- if upgrade_stack is None:
- raise Fail('Unable to determine the stack and stack version')
-
- stack_version = upgrade_stack[1]
-
- if params.xml_configurations_supported and params.upgrade_direction == Direction.UPGRADE:
- Logger.info(format('Applying Ranger java patches, using version {stack_version}'))
-
- from setup_ranger_xml import setup_java_patch
- setup_java_patch(stack_version=stack_version)
-
- def set_pre_start(self, env):
- import params
- env.set_params(params)
-
- upgrade_stack = stack_select._get_upgrade_stack()
- if upgrade_stack is None:
- raise Fail('Unable to determine the stack and stack version')
-
- stack_name = upgrade_stack[0]
- stack_version = upgrade_stack[1]
-
- stack_select.select("ranger-admin", stack_version)
- conf_select.select(stack_name, "ranger-admin", stack_version)
-
- def get_log_folder(self):
- import params
- return params.admin_log_dir
-
- def get_user(self):
- import params
- return params.unix_user
-
-if __name__ == "__main__":
- RangerAdmin().execute()
-
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py
deleted file mode 100644
index 0355049..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_service.py
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management.libraries.functions.format import format
-from resource_management.libraries.functions.show_logs import show_logs
-from resource_management.core.resources.system import Execute
-
-def ranger_service(name, action=None):
- import params
-
- env_dict = {'JAVA_HOME': params.java_home}
- if params.db_flavor.lower() == 'sqla':
- env_dict = {'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH': params.ld_lib_path}
-
- if name == 'ranger_admin':
- no_op_test = format('ps -ef | grep proc_rangeradmin | grep -v grep')
- try:
- Execute(params.ranger_start, environment=env_dict, user=params.unix_user, not_if=no_op_test)
- except:
- show_logs(params.admin_log_dir, params.unix_user)
- raise
- elif name == 'ranger_usersync':
- no_op_test = format('ps -ef | grep proc_rangerusersync | grep -v grep')
- if params.stack_supports_usersync_non_root:
- try:
- Execute(params.usersync_start,
- environment=env_dict,
- not_if=no_op_test,
- user=params.unix_user
- )
- except:
- show_logs(params.usersync_log_dir, params.unix_user)
- raise
- else:
- # Usersync requires to be run as root for 2.2
- Execute((params.usersync_start,),
- environment={'JAVA_HOME': params.java_home},
- not_if=no_op_test,
- sudo=True
- )
- elif name == 'ranger_tagsync' and params.stack_supports_ranger_tagsync:
- no_op_test = format('ps -ef | grep proc_rangertagsync | grep -v grep')
- cmd = format('{tagsync_services_file} start')
- try:
- Execute(cmd,
- environment=env_dict,
- user=params.unix_user,
- not_if=no_op_test
- )
- except:
- show_logs(params.tagsync_log_dir, params.unix_user)
- raise
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py
deleted file mode 100644
index 008fb99..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_tagsync.py
+++ /dev/null
@@ -1,139 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-from resource_management.libraries.script import Script
-from resource_management.libraries.functions import conf_select
-from resource_management.libraries.functions import stack_select
-from resource_management.core.resources.system import Execute, File
-from resource_management.libraries.functions.check_process_status import check_process_status
-from resource_management.core.exceptions import ComponentIsNotRunning
-from resource_management.libraries.functions.format import format
-from resource_management.core.logger import Logger
-from resource_management.core import shell
-from ranger_service import ranger_service
-from setup_ranger_xml import ranger, ranger_credential_helper
-from resource_management.core.exceptions import Fail
-import upgrade
-
-class RangerTagsync(Script):
-
- def install(self, env):
- self.install_packages(env)
- import params
- env.set_params(params)
-
- ranger_credential_helper(params.tagsync_cred_lib, 'tagadmin.user.password', 'rangertagsync', params.tagsync_jceks_path)
- File(params.tagsync_jceks_path,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
- if params.stack_supports_ranger_tagsync_ssl_xml_support:
- Logger.info("Stack support Atlas user for Tagsync, creating keystore for same.")
- self.create_atlas_user_keystore(env)
- else:
- Logger.info("Stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
-
- self.configure(env)
-
- def configure(self, env, upgrade_type=None):
- import params
- env.set_params(params)
- ranger('ranger_tagsync', upgrade_type=upgrade_type)
-
- def start(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- self.configure(env, upgrade_type=upgrade_type)
- ranger_service('ranger_tagsync')
-
- def stop(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- Execute(format('{tagsync_services_file} stop'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
- File(params.tagsync_pid_file,
- action = "delete"
- )
-
- def status(self, env):
- import status_params
- env.set_params(status_params)
-
- check_process_status(status_params.tagsync_pid_file)
-
- def pre_upgrade_restart(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- if params.stack_supports_ranger_tagsync:
- Logger.info("Executing Ranger Tagsync Stack Upgrade pre-restart")
- conf_select.select(params.stack_name, "ranger-tagsync", params.version)
- stack_select.select("ranger-tagsync", params.version)
-
- def get_component_name(self):
- return "ranger-tagsync"
-
- def get_log_folder(self):
- import params
- return params.tagsync_log_dir
-
- def get_user(self):
- import params
- return params.unix_user
-
- def get_pid_files(self):
- import status_params
- return [status_params.tagsync_pid_file]
-
- def configure_atlas_user_for_tagsync(self, env):
- Logger.info("Configuring Atlas user for Tagsync service.")
- import params
- env.set_params(params)
-
- upgrade_stack = stack_select._get_upgrade_stack()
- if upgrade_stack is None:
- raise Fail('Unable to determine the stack and stack version')
-
- stack_name = upgrade_stack[0]
- stack_version = upgrade_stack[1]
-
- stack_select.select("ranger-tagsync", stack_version)
- conf_select.select(stack_name, "ranger-tagsync", stack_version)
- if params.stack_supports_ranger_tagsync_ssl_xml_support:
- Logger.info("Upgrading Tagsync, stack support Atlas user for Tagsync, creating keystore for same.")
- self.create_atlas_user_keystore(env)
- else:
- Logger.info("Upgrading Tagsync, stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
-
- Logger.info("Configuring Atlas user for Tagsync service done.")
-
- def create_atlas_user_keystore(self,env):
- import params
- env.set_params(params)
- ranger_credential_helper(params.tagsync_cred_lib, 'atlas.user.password', 'admin', params.atlas_tagsync_jceks_path)
- File(params.atlas_tagsync_jceks_path,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
-if __name__ == "__main__":
- RangerTagsync().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py
deleted file mode 100644
index b9366f6..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/ranger_usersync.py
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-from resource_management.libraries.functions.check_process_status import check_process_status
-from resource_management.libraries.script import Script
-from resource_management.core.resources.system import Execute, File
-from resource_management.core.exceptions import ComponentIsNotRunning
-from resource_management.libraries.functions.format import format
-from resource_management.core.logger import Logger
-from resource_management.core import shell
-from ranger_service import ranger_service
-from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
-from resource_management.libraries.functions.constants import Direction
-import upgrade
-import os
-
-class RangerUsersync(Script):
-
- def install(self, env):
- self.install_packages(env)
- import params
- env.set_params(params)
-
- if params.stack_supports_usersync_passwd:
- from setup_ranger_xml import ranger_credential_helper
- ranger_credential_helper(params.ugsync_cred_lib, params.ugsync_policymgr_alias, 'rangerusersync', params.ugsync_policymgr_keystore)
-
- File(params.ugsync_policymgr_keystore,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
- self.configure(env)
-
- def configure(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- if params.xml_configurations_supported:
- from setup_ranger_xml import ranger
- else:
- from setup_ranger import ranger
-
- ranger('ranger_usersync', upgrade_type=upgrade_type)
-
- def start(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- self.configure(env, upgrade_type=upgrade_type)
- ranger_service('ranger_usersync')
-
- def stop(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
- if params.stack_supports_usersync_non_root and os.path.isfile(params.usersync_services_file):
- File(params.usersync_services_file,
- mode = 0755
- )
- Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
- not_if=format("ls /usr/bin/ranger-usersync"),
- only_if=format("ls {usersync_services_file}"),
- sudo=True
- )
-
- Execute((params.usersync_stop,), environment={'JAVA_HOME': params.java_home}, sudo=True)
- if params.stack_supports_pid:
- File(params.ranger_usersync_pid_file,
- action = "delete"
- )
-
- def status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.stack_supports_pid:
- check_process_status(status_params.ranger_usersync_pid_file)
- return
-
- cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
- code, output = shell.call(cmd, timeout=20)
-
- if code != 0:
- Logger.debug('Ranger usersync process not running')
- raise ComponentIsNotRunning()
- pass
-
- def pre_upgrade_restart(self, env, upgrade_type=None):
- import params
- env.set_params(params)
- upgrade.prestart(env, "ranger-usersync")
-
- def get_component_name(self):
- return "ranger-usersync"
-
- def get_log_folder(self):
- import params
- return params.usersync_log_dir
-
- def get_user(self):
- import params
- return params.unix_user
-
-if __name__ == "__main__":
- RangerUsersync().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py
deleted file mode 100644
index fb6af95..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/service_check.py
+++ /dev/null
@@ -1,49 +0,0 @@
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management.libraries.script import Script
-from resource_management.core.resources.system import Execute
-from resource_management.core.exceptions import ComponentIsNotRunning
-from resource_management.libraries.functions.format import format
-from resource_management.core.logger import Logger
-import os
-
-
-class RangerServiceCheck(Script):
-
- def service_check(self, env):
- import params
-
- env.set_params(params)
- self.check_ranger_admin_service(params.ranger_external_url, params.upgrade_marker_file)
-
- def check_ranger_admin_service(self, ranger_external_url, upgrade_marker_file):
- if (self.is_ru_rangeradmin_in_progress(upgrade_marker_file)):
- Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
- else:
- Execute(format("curl -s -o /dev/null -w'%{{http_code}}' --negotiate -u: -k {ranger_external_url}/login.jsp | grep 200"),
- tries = 10,
- try_sleep=3,
- logoutput=True)
-
- def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
- return os.path.isfile(upgrade_marker_file)
-
-if __name__ == "__main__":
- RangerServiceCheck().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py
deleted file mode 100644
index b0e8bad..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger.py
+++ /dev/null
@@ -1,153 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-import sys
-import fileinput
-import os
-from resource_management.libraries.functions.format import format
-from resource_management.libraries.resources.properties_file import PropertiesFile
-from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
-from resource_management.core.source import DownloadSource
-from resource_management.core.logger import Logger
-from resource_management.core.shell import as_sudo
-from resource_management.core.exceptions import Fail
-from resource_management.core.resources.system import Directory, Execute, File
-
-
-def ranger(name=None, upgrade_type=None):
- if name == 'ranger_admin':
- setup_ranger_admin(upgrade_type=upgrade_type)
-
- if name == 'ranger_usersync':
- setup_usersync(upgrade_type=upgrade_type)
-
-def setup_ranger_admin(upgrade_type=None):
- import params
-
- check_db_connnection()
-
- if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
- if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
- File(params.previous_jdbc_jar, action='delete')
-
- File(params.downloaded_custom_connector,
- content = DownloadSource(params.driver_curl_source),
- mode = 0644
- )
-
- Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target),
- path=["/bin", "/usr/bin/"],
- sudo=True)
-
- File(params.driver_curl_target, mode=0644)
-
- ModifyPropertiesFile(format("{ranger_home}/install.properties"),
- properties = params.config['configurations']['admin-properties']
- )
-
- custom_config = dict()
- custom_config['unix_user'] = params.unix_user
- custom_config['unix_group'] = params.unix_group
-
- ModifyPropertiesFile(format("{ranger_home}/install.properties"),
- properties=custom_config
- )
-
- ModifyPropertiesFile(format("{ranger_home}/install.properties"),
- properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')}
- )
-
- ##if db flavor == oracle - set oracle home env variable
- if params.db_flavor.lower() == 'oracle' and params.oracle_home:
- env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
- else:
- env_dict = {'JAVA_HOME': params.java_home}
-
- setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')])
- Execute(setup_sh,
- environment=env_dict,
- logoutput=True,
- )
-
- ModifyPropertiesFile(format("{ranger_conf}/xa_system.properties"),
- properties = params.config['configurations']['ranger-site'],
- )
-
- ModifyPropertiesFile(format("{ranger_conf}/ranger_webserver.properties"),
- properties = params.config['configurations']['ranger-site'],
- mode=0744
- )
-
- Directory(params.admin_log_dir,
- owner = params.unix_user,
- group = params.unix_group
- )
-
-def setup_usersync(upgrade_type=None):
- import params
-
- PropertiesFile(format("{usersync_home}/install.properties"),
- properties = params.config['configurations']['usersync-properties'],
- )
-
- custom_config = dict()
- custom_config['unix_user'] = params.unix_user
- custom_config['unix_group'] = params.unix_group
-
- ModifyPropertiesFile(format("{usersync_home}/install.properties"),
- properties=custom_config
- )
-
- cmd = format("cd {usersync_home} && ") + as_sudo([format('{usersync_home}/setup.sh')])
- Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True)
-
- File([params.usersync_start, params.usersync_stop],
- owner = params.unix_user
- )
- File(params.usersync_services_file,
- mode = 0755,
- )
-
- Directory(params.usersync_log_dir,
- owner = params.unix_user,
- group = params.unix_group
- )
-
-def check_db_connnection():
- import params
-
- Logger.info('Checking DB connection')
- env_dict = {}
- if params.db_flavor.lower() == 'mysql':
- cmd = format('{sql_command_invoker} -u {db_root_user} --password={db_root_password!p} -h {db_host} -s -e "select version();"')
- elif params.db_flavor.lower() == 'oracle':
- cmd = format("{sql_command_invoker} '{db_root_user}/\"{db_root_password}\"@{db_host}' AS SYSDBA")
- env_dict = {'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home}
- elif params.db_flavor.lower() == 'postgres':
- cmd = 'true'
- elif params.db_flavor.lower() == 'mssql':
- cmd = 'true'
-
- try:
- Execute(cmd,
- environment=env_dict,
- logoutput=True)
- except Fail as ex:
- Logger.error(str(ex))
- raise Fail('Ranger Database connection check failed')
[04/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-site.xml
deleted file mode 100644
index 1e6f7b5..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-site.xml
+++ /dev/null
@@ -1,133 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>hadoop.kms.key.provider.uri</name>
- <value>dbks://http@localhost:9292/kms</value>
- <description>URI of the backing KeyProvider for the KMS.</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.security.keystore.JavaKeyStoreProvider.password</name>
- <value>none</value>
- <description>If using the JavaKeyStoreProvider, the password for the keystore file.</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.cache.enable</name>
- <value>true</value>
- <description>Whether the KMS will act as a cache for the backing KeyProvider. When the cache is enabled, operations like getKeyVersion, getMetadata, and getCurrentKey will sometimes return cached data without consulting the backing KeyProvider. Cached values are flushed when keys are deleted or modified.
- </description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.cache.timeout.ms</name>
- <value>600000</value>
- <description>Expiry time for the KMS key version and key metadata cache, in milliseconds. This affects getKeyVersion and getMetadata.
- </description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.current.key.cache.timeout.ms</name>
- <value>30000</value>
- <description>Expiry time for the KMS current key cache, in milliseconds. This affects getCurrentKey operations.</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.audit.aggregation.window.ms</name>
- <value>10000</value>
- <description>Duplicate audit log events within the aggregation window (specified in ms) are quashed to reduce log traffic. A single message for aggregated events is printed at the end of the window, along with a count of the number of aggregated events.</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.type</name>
- <value>simple</value>
- <description>Authentication type for the KMS. Can be either "simple" or "kerberos".
- </description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.kerberos.keytab</name>
- <value>${user.home}/kms.keytab</value>
- <description>Path to the keytab with credentials for the configured Kerberos principal.</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.kerberos.principal</name>
- <value>HTTP/localhost</value>
- <description>The Kerberos principal to use for the HTTP endpoint. The principal must start with 'HTTP/' as per the Kerberos HTTP SPNEGO specification.</description>
- <property-type>KERBEROS_PRINCIPAL</property-type>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.kerberos.name.rules</name>
- <value>DEFAULT</value>
- <description>Rules used to resolve Kerberos principal names.</description>
- <value-attributes>
- <type>multiLine</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.signer.secret.provider</name>
- <value>random</value>
- <description>Indicates how the secret to sign the authentication cookies will be stored. Options are 'random' (default), 'string' and 'zookeeper'. If using a setup with multiple KMS instances, 'zookeeper' should be used.
- </description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.path</name>
- <value>/hadoop-kms/hadoop-auth-signature-secret</value>
- <description>The Zookeeper ZNode path where the KMS instances will store and retrieve the secret from.</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string</name>
- <value>#HOSTNAME#:#PORT#,...</value>
- <description>The Zookeeper connection string, a list of hostnames and port comma separated.</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type</name>
- <value>kerberos</value>
- <description>The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab</name>
- <value>/etc/hadoop/conf/kms.keytab</value>
- <description>The absolute path for the Kerberos keytab with the credentials to connect to Zookeeper.</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal</name>
- <value>kms/#HOSTNAME#</value>
- <description>The Kerberos service principal used to connect to Zookeeper.</description>
- <property-type>KERBEROS_PRINCIPAL</property-type>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hadoop.kms.security.authorization.manager</name>
- <value>org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-audit.xml
deleted file mode 100644
index 526794e..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-audit.xml
+++ /dev/null
@@ -1,124 +0,0 @@
-<?xml version="1.0"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>xasecure.audit.is.enabled</name>
- <value>true</value>
- <description>Is Audit enabled?</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.hdfs</name>
- <value>true</value>
- <display-name>Audit to HDFS</display-name>
- <description>Is Audit to HDFS enabled?</description>
- <value-attributes>
- <type>boolean</type>
- </value-attributes>
- <depends-on>
- <property>
- <type>core-site</type>
- <name>fs.defaultFS</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.hdfs.dir</name>
- <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
- <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
- <depends-on>
- <property>
- <type>core-site</type>
- <name>fs.defaultFS</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
- <value>/var/log/ranger/kms/audit/hdfs/spool</value>
- <description>/var/log/ranger/kms/audit/hdfs/spool</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.solr</name>
- <value>true</value>
- <display-name>Audit to SOLR</display-name>
- <description>Is Solr audit enabled?</description>
- <value-attributes>
- <type>boolean</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
- <value>/var/log/ranger/kms/audit/solr/spool</value>
- <description>/var/log/ranger/kms/audit/solr/spool</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.provider.summary.enabled</name>
- <value>false</value>
- <display-name>Audit provider summary enabled</display-name>
- <description>Enable Summary audit?</description>
- <value-attributes>
- <type>boolean</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.solr.urls</name>
- <value>{{ranger_audit_solr_urls}}</value>
- <description>Solr URL</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <depends-on>
- <property>
- <type>ranger-admin-site</type>
- <name>ranger.audit.solr.urls</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.solr.zookeepers</name>
- <value>none</value>
- <description>Solr Zookeeper string</description>
- <depends-on>
- <property>
- <type>ranger-admin-site</type>
- <name>ranger.audit.solr.zookeepers</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.plugin.kms.ambari.cluster.name</name>
- <value>{{cluster_name}}</value>
- <description>Capture cluster name from where Ranger kms plugin is enabled.</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
deleted file mode 100644
index 9eedc73..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<?xml version="1.0"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
-
- <property>
- <name>xasecure.policymgr.clientssl.keystore.password</name>
- <value>myKeyFilePassword</value>
- <property-type>PASSWORD</property-type>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <description>password for keystore</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.truststore.password</name>
- <value>changeit</value>
- <property-type>PASSWORD</property-type>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <description>java truststore password</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
- <value>jceks://file{{credential_file}}</value>
- <description>java keystore credential file</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
- <value>jceks://file{{credential_file}}</value>
- <description>java truststore credential file</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.policymgr.clientssl.keystore</name>
- <value>/usr/hdp/current/ranger-kms/conf/ranger-plugin-keystore.jks</value>
- <description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.policymgr.clientssl.truststore</name>
- <value>/usr/hdp/current/ranger-kms/conf/ranger-plugin-truststore.jks</value>
- <description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-security.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-security.xml
deleted file mode 100644
index 13adcb4..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-security.xml
+++ /dev/null
@@ -1,64 +0,0 @@
-<?xml version="1.0"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>ranger.plugin.kms.service.name</name>
- <value>{{repo_name}}</value>
- <description>Name of the Ranger service containing policies for this kms instance</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.plugin.kms.policy.source.impl</name>
- <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
- <description>Class to retrieve policies from the source</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.plugin.kms.policy.rest.url</name>
- <value>{{policymgr_mgr_url}}</value>
- <description>URL to Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
- <depends-on>
- <property>
- <type>admin-properties</type>
- <name>policymgr_external_url</name>
- </property>
- </depends-on>
- </property>
- <property>
- <name>ranger.plugin.kms.policy.rest.ssl.config.file</name>
- <value>/etc/ranger/kms/conf/ranger-policymgr-ssl.xml</value>
- <description>Path to the file containing SSL details to contact Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.plugin.kms.policy.pollIntervalMs</name>
- <value>30000</value>
- <description>How often to poll for changes in policies?</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.plugin.kms.policy.cache.dir</name>
- <value>/etc/ranger/{{repo_name}}/policycache</value>
- <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-site.xml
deleted file mode 100644
index 1d32f72..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/ranger-kms-site.xml
+++ /dev/null
@@ -1,104 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>ranger.service.host</name>
- <value>{{kms_host}}</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.http.port</name>
- <value>{{kms_port}}</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.https.port</name>
- <value>9393</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.shutdown.port</name>
- <value>7085</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.contextName</name>
- <value>/kms</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xa.webapp.dir</name>
- <value>./webapp</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.https.attrib.ssl.enabled</name>
- <value>false</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.https.attrib.keystore.file</name>
- <value>/etc/security/serverKeys/ranger-kms-keystore.jks</value>
- <on-ambari-upgrade add="false"/>
- <description/>
- </property>
- <property>
- <name>ranger.service.https.attrib.client.auth</name>
- <value>want</value>
- <on-ambari-upgrade add="false"/>
- <description/>
- </property>
- <property>
- <name>ranger.service.https.attrib.keystore.keyalias</name>
- <value>rangerkms</value>
- <on-ambari-upgrade add="false"/>
- <description/>
- </property>
- <property>
- <name>ranger.service.https.attrib.keystore.pass</name>
- <value>rangerkms</value>
- <property-type>PASSWORD</property-type>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- <description/>
- </property>
- <property>
- <name>ranger.credential.provider.path</name>
- <value>/etc/ranger/kms/rangerkms.jceks</value>
- <on-ambari-upgrade add="false"/>
- <description/>
- </property>
- <property>
- <name>ranger.service.https.attrib.keystore.credential.alias</name>
- <value>keyStoreCredentialAlias</value>
- <on-ambari-upgrade add="false"/>
- <description/>
- </property>
- <property>
- <name>ajp.enabled</name>
- <value>false</value>
- <on-ambari-upgrade add="false"/>
- <description/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/kerberos.json
deleted file mode 100644
index a54783e..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/kerberos.json
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "services": [
- {
- "name": "RANGER_KMS",
- "identities": [
- {
- "name": "/spnego",
- "keytab": {
- "configuration": "kms-site/hadoop.kms.authentication.kerberos.keytab"
- }
- },
- {
- "name": "/smokeuser"
- }
- ],
- "auth_to_local_properties" : [
- "kms-site/hadoop.kms.authentication.kerberos.name.rules"
- ],
- "configurations": [
- {
- "kms-site": {
- "hadoop.kms.authentication.type": "kerberos",
- "hadoop.kms.authentication.kerberos.principal": "*"
- }
- },
- {
- "ranger-kms-audit": {
- "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
- "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
- "xasecure.audit.jaas.Client.option.useKeyTab": "true",
- "xasecure.audit.jaas.Client.option.storeKey": "false",
- "xasecure.audit.jaas.Client.option.serviceName": "solr",
- "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
- }
- }
- ],
- "components": [
- {
- "name": "RANGER_KMS_SERVER",
- "identities": [
- {
- "name": "/spnego",
- "principal": {
- "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal"
- },
- "keytab": {
- "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab"
- }
- },
- {
- "name": "/smokeuser"
- },
- {
- "name": "rangerkms",
- "principal": {
- "value": "rangerkms/_HOST@${realm}",
- "type" : "service",
- "configuration": "dbks-site/ranger.ks.kerberos.principal",
- "local_username" : "keyadmin"
- },
- "keytab": {
- "file": "${keytab_dir}/rangerkms.service.keytab",
- "owner": {
- "name": "${kms-env/kms_user}",
- "access": "r"
- },
- "configuration": "dbks-site/ranger.ks.kerberos.keytab"
- }
- },
- {
- "name": "/RANGER_KMS/RANGER_KMS_SERVER/rangerkms",
- "principal": {
- "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.principal"
- },
- "keytab": {
- "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.keyTab"
- }
- }
- ]
- }
- ]
- }
- ]
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/metainfo.xml
deleted file mode 100644
index 24ac51f..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/metainfo.xml
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.0"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<metainfo>
- <schemaVersion>2.0</schemaVersion>
- <services>
- <service>
- <name>RANGER_KMS</name>
- <displayName>Ranger KMS</displayName>
- <comment>Key Management Server</comment>
- <version>0.5.0.3.0</version>
- <components>
-
- <component>
- <name>RANGER_KMS_SERVER</name>
- <displayName>Ranger KMS Server</displayName>
- <category>MASTER</category>
- <cardinality>1+</cardinality>
- <versionAdvertised>true</versionAdvertised>
- <commandScript>
- <script>scripts/kms_server.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>600</timeout>
- </commandScript>
- <logs>
- <log>
- <logId>ranger_kms</logId>
- <primary>true</primary>
- </log>
- </logs>
- <dependencies>
- <dependency>
- <name>HDFS/HDFS_CLIENT</name>
- <scope>host</scope>
- <auto-deploy>
- <enabled>true</enabled>
- </auto-deploy>
- </dependency>
- </dependencies>
- </component>
- </components>
-
-
- <osSpecifics>
- <osSpecific>
- <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
- <packages>
- <package>
- <name>ranger_${stack_version}-kms</name>
- </package>
- </packages>
- </osSpecific>
- <osSpecific>
- <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily>
- <packages>
- <package>
- <name>ranger-${stack_version}-kms</name>
- </package>
- </packages>
- </osSpecific>
- </osSpecifics>
-
- <configuration-dependencies>
- <config-type>kms-properties</config-type>
- <config-type>kms-site</config-type>
- <config-type>kms-log4j</config-type>
- <config-type>dbks-site</config-type>
- <config-type>ranger-kms-site</config-type>
- <config-type>ranger-kms-audit</config-type>
- <config-type>ranger-kms-policymgr-ssl</config-type>
- <config-type>ranger-kms-security</config-type>
- </configuration-dependencies>
-
- <commandScript>
- <script>scripts/service_check.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>300</timeout>
- </commandScript>
-
- <requiredServices>
- <service>RANGER</service>
- <service>HDFS</service>
- </requiredServices>
-
- <themes>
- <theme>
- <fileName>theme_version_1.json</fileName>
- <default>true</default>
- </theme>
- <theme>
- <fileName>theme_version_2.json</fileName>
- <default>true</default>
- </theme>
- </themes>
-
- </service>
- </services>
-</metainfo>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms.py
deleted file mode 100755
index 5a25b92..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms.py
+++ /dev/null
@@ -1,677 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-import sys
-import fileinput
-import os
-import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
-import urllib2, base64, httplib
-from StringIO import StringIO as BytesIO
-from datetime import datetime
-from resource_management.core.resources.system import File, Directory, Execute
-from resource_management.libraries.resources.xml_config import XmlConfig
-from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
-from resource_management.core.source import DownloadSource, InlineTemplate
-from resource_management.core.exceptions import Fail
-from resource_management.core.logger import Logger
-from resource_management.libraries.functions.is_empty import is_empty
-from resource_management.libraries.functions.format import format
-from resource_management.libraries.functions.ranger_functions import Rangeradmin
-from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2
-from resource_management.libraries.functions.decorator import safe_retry
-from resource_management.core.utils import PasswordString
-from resource_management.core.shell import as_sudo
-import re
-import time
-import socket
-
-def password_validation(password, key):
- import params
- if password.strip() == "":
- raise Fail("Blank password is not allowed for {0} property. Please enter valid password.".format(key))
- if re.search("[\\\`'\"]",password):
- raise Fail("{0} password contains one of the unsupported special characters like \" ' \ `".format(key))
- else:
- Logger.info("Password validated")
-
-def setup_kms_db(stack_version=None):
- import params
-
- if params.has_ranger_admin:
-
- kms_home = params.kms_home
- version = params.version
- if stack_version is not None:
- kms_home = format("{stack_root}/{stack_version}/ranger-kms")
- version = stack_version
-
- password_validation(params.kms_master_key_password, 'KMS master key')
-
- copy_jdbc_connector(stack_version=version)
-
- env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home}
- if params.db_flavor.lower() == 'sqla':
- env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH':params.ld_library_path}
-
- dba_setup = format('ambari-python-wrap {kms_home}/dba_script.py -q')
- db_setup = format('ambari-python-wrap {kms_home}/db_setup.py')
-
- if params.create_db_user:
- Logger.info('Setting up Ranger KMS DB and DB User')
- Execute(dba_setup, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10)
- else:
- Logger.info('Separate DBA property not set. Assuming Ranger KMS DB and DB User exists!')
- Execute(db_setup, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10)
-
-def setup_java_patch():
- import params
-
- if params.has_ranger_admin:
-
- kms_home = params.kms_home
- setup_java_patch = format('ambari-python-wrap {kms_home}/db_setup.py -javapatch')
-
- env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home}
- if params.db_flavor.lower() == 'sqla':
- env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH':params.ld_library_path}
-
- Execute(setup_java_patch, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10)
-
- kms_lib_path = format('{kms_home}/ews/webapp/lib/')
- files = os.listdir(kms_lib_path)
- hadoop_jar_files = []
-
- for x in files:
- if x.startswith('hadoop-common') and x.endswith('.jar'):
- hadoop_jar_files.append(x)
-
- if len(hadoop_jar_files) != 0:
- for f in hadoop_jar_files:
- Execute((format('{java_home}/bin/jar'),'-uf', format('{kms_home}/ews/webapp/lib/{f}'), format('{kms_home}/ews/webapp/META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory')),
- user=params.kms_user)
-
- File(format('{kms_home}/ews/webapp/lib/{f}'), owner=params.kms_user, group=params.kms_group)
-
-
-def do_keystore_setup(cred_provider_path, credential_alias, credential_password):
- import params
-
- if cred_provider_path is not None:
- java_bin = format('{java_home}/bin/java')
- file_path = format('jceks://file{cred_provider_path}')
- cmd = (java_bin, '-cp', params.cred_lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', credential_alias, '-value', PasswordString(credential_password), '-provider', file_path)
- Execute(cmd,
- environment={'JAVA_HOME': params.java_home},
- logoutput=True,
- sudo=True,
- )
-
- File(cred_provider_path,
- owner = params.kms_user,
- group = params.kms_group,
- mode = 0640
- )
-
-def kms(upgrade_type=None):
- import params
-
- if params.has_ranger_admin:
-
- Directory(params.kms_conf_dir,
- owner = params.kms_user,
- group = params.kms_group,
- create_parents = True
- )
-
- Directory("/etc/security/serverKeys",
- create_parents = True,
- cd_access = "a"
- )
-
- Directory("/etc/ranger/kms",
- create_parents = True,
- cd_access = "a"
- )
-
- copy_jdbc_connector()
-
- File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"),
- content = DownloadSource(format("{jdk_location}{check_db_connection_jar_name}")),
- mode = 0644,
- )
-
- cp = format("{check_db_connection_jar}")
- if params.db_flavor.lower() == 'sqla':
- cp = cp + os.pathsep + format("{kms_home}/ews/webapp/lib/sajdbc4.jar")
- else:
- path_to_jdbc = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
- if not os.path.isfile(path_to_jdbc):
- path_to_jdbc = format("{kms_home}/ews/webapp/lib/") + \
- params.default_connectors_map[params.db_flavor.lower()] if params.db_flavor.lower() in params.default_connectors_map else None
- if not os.path.isfile(path_to_jdbc):
- path_to_jdbc = format("{kms_home}/ews/webapp/lib/") + "*"
- error_message = "Error! Sorry, but we can't find jdbc driver with default name " + params.default_connectors_map[params.db_flavor] + \
- " in ranger kms lib dir. So, db connection check can fail. Please run 'ambari-server setup --jdbc-db={db_name} --jdbc-driver={path_to_jdbc} on server host.'"
- Logger.error(error_message)
-
- cp = cp + os.pathsep + path_to_jdbc
-
- db_connection_check_command = format(
- "{java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_kms_jdbc_connection_url}' {db_user} {db_password!p} {ranger_kms_jdbc_driver}")
-
- env_dict = {}
- if params.db_flavor.lower() == 'sqla':
- env_dict = {'LD_LIBRARY_PATH':params.ld_library_path}
-
- Execute(db_connection_check_command, path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', tries=5, try_sleep=10, environment=env_dict)
-
- if params.xa_audit_db_is_enabled and params.driver_source is not None and not params.driver_source.endswith("/None"):
- if params.xa_previous_jdbc_jar and os.path.isfile(params.xa_previous_jdbc_jar):
- File(params.xa_previous_jdbc_jar, action='delete')
-
- File(params.downloaded_connector_path,
- content = DownloadSource(params.driver_source),
- mode = 0644
- )
-
- Execute(('cp', '--remove-destination', params.downloaded_connector_path, params.driver_target),
- path=["/bin", "/usr/bin/"],
- sudo=True)
-
- File(params.driver_target, mode=0644)
-
- Directory(os.path.join(params.kms_home, 'ews', 'webapp', 'WEB-INF', 'classes', 'lib'),
- mode=0755,
- owner=params.kms_user,
- group=params.kms_group
- )
-
- Execute(('cp',format('{kms_home}/ranger-kms-initd'),'/etc/init.d/ranger-kms'),
- not_if=format('ls /etc/init.d/ranger-kms'),
- only_if=format('ls {kms_home}/ranger-kms-initd'),
- sudo=True)
-
- File('/etc/init.d/ranger-kms',
- mode = 0755
- )
-
- Directory(format('{kms_home}/'),
- owner = params.kms_user,
- group = params.kms_group,
- recursive_ownership = True,
- )
-
- Directory(params.ranger_kms_pid_dir,
- mode=0755,
- owner = params.kms_user,
- group = params.user_group,
- cd_access = "a",
- create_parents=True
- )
-
- if params.stack_supports_pid:
- File(format('{kms_conf_dir}/ranger-kms-env-piddir.sh'),
- content = format("export RANGER_KMS_PID_DIR_PATH={ranger_kms_pid_dir}\nexport KMS_USER={kms_user}"),
- owner = params.kms_user,
- group = params.kms_group,
- mode=0755
- )
-
- Directory(params.kms_log_dir,
- owner = params.kms_user,
- group = params.kms_group,
- cd_access = 'a',
- create_parents=True,
- mode=0755
- )
-
- File(format('{kms_conf_dir}/ranger-kms-env-logdir.sh'),
- content = format("export RANGER_KMS_LOG_DIR={kms_log_dir}"),
- owner = params.kms_user,
- group = params.kms_group,
- mode=0755
- )
-
- Execute(('ln','-sf', format('{kms_home}/ranger-kms'),'/usr/bin/ranger-kms'),
- not_if=format('ls /usr/bin/ranger-kms'),
- only_if=format('ls {kms_home}/ranger-kms'),
- sudo=True)
-
- File('/usr/bin/ranger-kms', mode = 0755)
-
- Execute(('ln','-sf', format('{kms_home}/ranger-kms'),'/usr/bin/ranger-kms-services.sh'),
- not_if=format('ls /usr/bin/ranger-kms-services.sh'),
- only_if=format('ls {kms_home}/ranger-kms'),
- sudo=True)
-
- File('/usr/bin/ranger-kms-services.sh', mode = 0755)
-
- Execute(('ln','-sf', format('{kms_home}/ranger-kms-initd'),format('{kms_home}/ranger-kms-services.sh')),
- not_if=format('ls {kms_home}/ranger-kms-services.sh'),
- only_if=format('ls {kms_home}/ranger-kms-initd'),
- sudo=True)
-
- File(format('{kms_home}/ranger-kms-services.sh'), mode = 0755)
-
- Directory(params.kms_log_dir,
- owner = params.kms_user,
- group = params.kms_group,
- mode = 0775
- )
-
- do_keystore_setup(params.credential_provider_path, params.jdbc_alias, params.db_password)
- do_keystore_setup(params.credential_provider_path, params.masterkey_alias, params.kms_master_key_password)
- if params.stack_support_kms_hsm and params.enable_kms_hsm:
- do_keystore_setup(params.credential_provider_path, params.hms_partition_alias, unicode(params.hms_partition_passwd))
- if params.stack_supports_ranger_kms_ssl and params.ranger_kms_ssl_enabled:
- do_keystore_setup(params.ranger_kms_cred_ssl_path, params.ranger_kms_ssl_keystore_alias, params.ranger_kms_ssl_passwd)
-
- # remove plain-text password from xml configs
- dbks_site_copy = {}
- dbks_site_copy.update(params.config['configurations']['dbks-site'])
-
- for prop in params.dbks_site_password_properties:
- if prop in dbks_site_copy:
- dbks_site_copy[prop] = "_"
-
- XmlConfig("dbks-site.xml",
- conf_dir=params.kms_conf_dir,
- configurations=dbks_site_copy,
- configuration_attributes=params.config['configuration_attributes']['dbks-site'],
- owner=params.kms_user,
- group=params.kms_group,
- mode=0644
- )
-
- ranger_kms_site_copy = {}
- ranger_kms_site_copy.update(params.config['configurations']['ranger-kms-site'])
- if params.stack_supports_ranger_kms_ssl:
- # remove plain-text password from xml configs
- for prop in params.ranger_kms_site_password_properties:
- if prop in ranger_kms_site_copy:
- ranger_kms_site_copy[prop] = "_"
-
- XmlConfig("ranger-kms-site.xml",
- conf_dir=params.kms_conf_dir,
- configurations=ranger_kms_site_copy,
- configuration_attributes=params.config['configuration_attributes']['ranger-kms-site'],
- owner=params.kms_user,
- group=params.kms_group,
- mode=0644
- )
-
- XmlConfig("kms-site.xml",
- conf_dir=params.kms_conf_dir,
- configurations=params.config['configurations']['kms-site'],
- configuration_attributes=params.config['configuration_attributes']['kms-site'],
- owner=params.kms_user,
- group=params.kms_group,
- mode=0644
- )
-
- File(os.path.join(params.kms_conf_dir, "kms-log4j.properties"),
- owner=params.kms_user,
- group=params.kms_group,
- content=InlineTemplate(params.kms_log4j),
- mode=0644
- )
- if params.security_enabled:
- # core-site.xml linking required by setup for HDFS encryption
- XmlConfig("core-site.xml",
- conf_dir=params.kms_conf_dir,
- configurations=params.config['configurations']['core-site'],
- configuration_attributes=params.config['configuration_attributes']['core-site'],
- owner=params.kms_user,
- group=params.kms_group,
- mode=0644
- )
- else:
- File(format('{kms_conf_dir}/core-site.xml'), action="delete")
-
-def copy_jdbc_connector(stack_version=None):
- import params
-
- if params.jdbc_jar_name is None and params.driver_curl_source.endswith("/None"):
- error_message = "Error! Sorry, but we can't find jdbc driver related to {0} database to download from {1}. \
- Please run 'ambari-server setup --jdbc-db={db_name} --jdbc-driver={path_to_jdbc} on server host.'".format(params.db_flavor, params.jdk_location)
- Logger.error(error_message)
-
- if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
- if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
- File(params.previous_jdbc_jar, action='delete')
-
- kms_home = params.kms_home
- if stack_version is not None:
- kms_home = format("{stack_root}/{stack_version}/ranger-kms")
-
- driver_curl_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
-
- File(params.downloaded_custom_connector,
- content = DownloadSource(params.driver_curl_source),
- mode = 0644
- )
-
- Directory(os.path.join(kms_home, 'ews', 'lib'),
- mode=0755
- )
-
- if params.db_flavor.lower() == 'sqla':
- Execute(('tar', '-xvf', params.downloaded_custom_connector, '-C', params.tmp_dir), sudo = True)
-
- Execute(('cp', '--remove-destination', params.jar_path_in_archive, os.path.join(kms_home, 'ews', 'webapp', 'lib')),
- path=["/bin", "/usr/bin/"],
- sudo=True)
-
- Directory(params.jdbc_libs_dir,
- cd_access="a",
- create_parents=True)
-
- Execute(as_sudo(['yes', '|', 'cp', params.libs_path_in_archive, params.jdbc_libs_dir], auto_escape=False),
- path=["/bin", "/usr/bin/"])
-
- File(os.path.join(kms_home, 'ews', 'webapp', 'lib', 'sajdbc4.jar'), mode=0644)
- else:
- Execute(('cp', '--remove-destination', params.downloaded_custom_connector, os.path.join(kms_home, 'ews', 'webapp', 'lib')),
- path=["/bin", "/usr/bin/"],
- sudo=True)
-
- File(os.path.join(kms_home, 'ews', 'webapp', 'lib', params.jdbc_jar_name), mode=0644)
-
- ModifyPropertiesFile(format("{kms_home}/install.properties"),
- properties = params.config['configurations']['kms-properties'],
- owner = params.kms_user
- )
-
- if params.db_flavor.lower() == 'sqla':
- ModifyPropertiesFile(format("{kms_home}/install.properties"),
- properties = {'SQL_CONNECTOR_JAR': format('{kms_home}/ews/webapp/lib/sajdbc4.jar')},
- owner = params.kms_user,
- )
- else:
- ModifyPropertiesFile(format("{kms_home}/install.properties"),
- properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')},
- owner = params.kms_user,
- )
-
-def enable_kms_plugin():
-
- import params
-
- if params.has_ranger_admin:
-
- ranger_flag = False
-
- if params.stack_supports_ranger_kerberos and params.security_enabled:
- if not is_empty(params.rangerkms_principal) and params.rangerkms_principal != '':
- ranger_flag = check_ranger_service_support_kerberos(params.kms_user, params.rangerkms_keytab, params.rangerkms_principal)
- else:
- ranger_flag = check_ranger_service_support_kerberos(params.kms_user, params.spengo_keytab, params.spnego_principal)
- else:
- ranger_flag = check_ranger_service()
-
- if not ranger_flag:
- Logger.error('Error in Get/Create service for Ranger Kms.')
-
- current_datetime = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
-
- File(format('{kms_conf_dir}/ranger-security.xml'),
- owner = params.kms_user,
- group = params.kms_group,
- mode = 0644,
- content = format('<ranger>\n<enabled>{current_datetime}</enabled>\n</ranger>')
- )
-
- Directory([os.path.join('/etc', 'ranger', params.repo_name), os.path.join('/etc', 'ranger', params.repo_name, 'policycache')],
- owner = params.kms_user,
- group = params.kms_group,
- mode=0775,
- create_parents = True
- )
-
- File(os.path.join('/etc', 'ranger', params.repo_name, 'policycache',format('kms_{repo_name}.json')),
- owner = params.kms_user,
- group = params.kms_group,
- mode = 0644
- )
-
- # remove plain-text password from xml configs
- plugin_audit_properties_copy = {}
- plugin_audit_properties_copy.update(params.config['configurations']['ranger-kms-audit'])
-
- if params.plugin_audit_password_property in plugin_audit_properties_copy:
- plugin_audit_properties_copy[params.plugin_audit_password_property] = "crypted"
-
- XmlConfig("ranger-kms-audit.xml",
- conf_dir=params.kms_conf_dir,
- configurations=plugin_audit_properties_copy,
- configuration_attributes=params.config['configuration_attributes']['ranger-kms-audit'],
- owner=params.kms_user,
- group=params.kms_group,
- mode=0744)
-
- XmlConfig("ranger-kms-security.xml",
- conf_dir=params.kms_conf_dir,
- configurations=params.config['configurations']['ranger-kms-security'],
- configuration_attributes=params.config['configuration_attributes']['ranger-kms-security'],
- owner=params.kms_user,
- group=params.kms_group,
- mode=0744)
-
- # remove plain-text password from xml configs
- ranger_kms_policymgr_ssl_copy = {}
- ranger_kms_policymgr_ssl_copy.update(params.config['configurations']['ranger-kms-policymgr-ssl'])
-
- for prop in params.kms_plugin_password_properties:
- if prop in ranger_kms_policymgr_ssl_copy:
- ranger_kms_policymgr_ssl_copy[prop] = "crypted"
-
- XmlConfig("ranger-policymgr-ssl.xml",
- conf_dir=params.kms_conf_dir,
- configurations=ranger_kms_policymgr_ssl_copy,
- configuration_attributes=params.config['configuration_attributes']['ranger-kms-policymgr-ssl'],
- owner=params.kms_user,
- group=params.kms_group,
- mode=0744)
-
- if params.xa_audit_db_is_enabled:
- cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'auditDBCred', '-v', PasswordString(params.xa_audit_db_password), '-c', '1')
- Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
-
- cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'sslKeyStore', '-v', PasswordString(params.ssl_keystore_password), '-c', '1')
- Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
-
- cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'sslTrustStore', '-v', PasswordString(params.ssl_truststore_password), '-c', '1')
- Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
-
- File(params.credential_file,
- owner = params.kms_user,
- group = params.kms_group,
- mode = 0640
- )
-
- # create ranger kms audit directory
- if params.xa_audit_hdfs_is_enabled and params.has_namenode and params.has_hdfs_client_on_node:
- params.HdfsResource("/ranger/audit",
- type="directory",
- action="create_on_execute",
- owner=params.hdfs_user,
- group=params.hdfs_user,
- mode=0755,
- recursive_chmod=True
- )
- params.HdfsResource("/ranger/audit/kms",
- type="directory",
- action="create_on_execute",
- owner=params.kms_user,
- group=params.kms_group,
- mode=0750,
- recursive_chmod=True
- )
- params.HdfsResource(None, action="execute")
-
- if params.xa_audit_hdfs_is_enabled and len(params.namenode_host) > 1:
- Logger.info('Audit to Hdfs enabled in NameNode HA environment, creating hdfs-site.xml')
- XmlConfig("hdfs-site.xml",
- conf_dir=params.kms_conf_dir,
- configurations=params.config['configurations']['hdfs-site'],
- configuration_attributes=params.config['configuration_attributes']['hdfs-site'],
- owner=params.kms_user,
- group=params.kms_group,
- mode=0644
- )
- else:
- File(format('{kms_conf_dir}/hdfs-site.xml'), action="delete")
-
-def setup_kms_jce():
- import params
-
- if params.jce_name is not None:
- Directory(params.jce_source_dir,
- create_parents = True
- )
-
- jce_target = format('{jce_source_dir}/{jce_name}')
-
- File(jce_target,
- content = DownloadSource(format('{jdk_location}/{jce_name}')),
- mode = 0644,
- )
-
- File([format("{java_home}/jre/lib/security/local_policy.jar"), format("{java_home}/jre/lib/security/US_export_policy.jar")],
- action = "delete",
- )
-
- unzip_cmd = ("unzip", "-o", "-j", "-q", jce_target, "-d", format("{java_home}/jre/lib/security"))
-
- Execute(unzip_cmd,
- only_if = format("test -e {java_home}/jre/lib/security && test -f {jce_target}"),
- path = ['/bin/','/usr/bin'],
- sudo = True
- )
- else:
- Logger.warning("Required jce policy zip is not available, need to setup manually")
-
-
-def check_ranger_service():
- import params
-
- policymgr_mgr_url = params.policymgr_mgr_url
- if policymgr_mgr_url.endswith('/'):
- policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
- ranger_adm_obj = Rangeradmin(url=policymgr_mgr_url)
- ambari_username_password_for_ranger = format("{ambari_ranger_admin}:{ambari_ranger_password}")
- response_code = ranger_adm_obj.check_ranger_login_urllib2(policymgr_mgr_url)
-
- if response_code is not None and response_code == 200:
- user_resp_code = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
- if user_resp_code is not None and user_resp_code == 200:
- get_repo_flag = get_repo(policymgr_mgr_url, params.repo_name, ambari_username_password_for_ranger)
- if not get_repo_flag:
- return create_repo(policymgr_mgr_url, json.dumps(params.kms_ranger_plugin_repo), ambari_username_password_for_ranger)
- else:
- return True
- else:
- return False
- else:
- Logger.error('Ranger service is not reachable')
- return False
-
-@safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail=False)
-def create_repo(url, data, usernamepassword):
- try:
- base_url = url + '/service/public/v2/api/service'
- base64string = base64.encodestring('{0}'.format(usernamepassword)).replace('\n', '')
- headers = {
- 'Accept': 'application/json',
- "Content-Type": "application/json"
- }
- request = urllib2.Request(base_url, data, headers)
- request.add_header("Authorization", "Basic {0}".format(base64string))
- result = urllib2.urlopen(request, timeout=20)
- response_code = result.getcode()
- response = json.loads(json.JSONEncoder().encode(result.read()))
- if response_code == 200:
- Logger.info('Repository created Successfully')
- return True
- else:
- Logger.info('Repository not created')
- return False
- except urllib2.URLError, e:
- if isinstance(e, urllib2.HTTPError):
- raise Fail("Error creating service. Http status code - {0}. \n {1}".format(e.code, e.read()))
- else:
- raise Fail("Error creating service. Reason - {0}.".format(e.reason))
- except socket.timeout as e:
- raise Fail("Error creating service. Reason - {0}".format(e))
-
-@safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail=False)
-def get_repo(url, name, usernamepassword):
- try:
- base_url = url + '/service/public/v2/api/service?serviceName=' + name + '&serviceType=kms&isEnabled=true'
- request = urllib2.Request(base_url)
- base64string = base64.encodestring(usernamepassword).replace('\n', '')
- request.add_header("Content-Type", "application/json")
- request.add_header("Accept", "application/json")
- request.add_header("Authorization", "Basic {0}".format(base64string))
- result = urllib2.urlopen(request, timeout=20)
- response_code = result.getcode()
- response = json.loads(result.read())
- if response_code == 200 and len(response) > 0:
- for repo in response:
- if repo.get('name').lower() == name.lower() and repo.has_key('name'):
- Logger.info('KMS repository exist')
- return True
- else:
- Logger.info('KMS repository doesnot exist')
- return False
- else:
- Logger.info('KMS repository doesnot exist')
- return False
- except urllib2.URLError, e:
- if isinstance(e, urllib2.HTTPError):
- raise Fail("Error getting {0} service. Http status code - {1}. \n {2}".format(name, e.code, e.read()))
- else:
- raise Fail("Error getting {0} service. Reason - {1}.".format(name, e.reason))
- except socket.timeout as e:
- raise Fail("Error creating service. Reason - {0}".format(e))
-
-def check_ranger_service_support_kerberos(user, keytab, principal):
- import params
-
- policymgr_mgr_url = params.policymgr_mgr_url
- if policymgr_mgr_url.endswith('/'):
- policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
- ranger_adm_obj = RangeradminV2(url=policymgr_mgr_url)
- response_code = ranger_adm_obj.check_ranger_login_curl(user, keytab, principal, policymgr_mgr_url, True)
-
- if response_code is not None and response_code[0] == 200:
- get_repo_name_response = ranger_adm_obj.get_repository_by_name_curl(user, keytab, principal, params.repo_name, 'kms', 'true', is_keyadmin = True)
- if get_repo_name_response is not None:
- Logger.info('KMS repository {0} exist'.format(get_repo_name_response['name']))
- return True
- else:
- create_repo_response = ranger_adm_obj.create_repository_curl(user, keytab, principal, params.repo_name, json.dumps(params.kms_ranger_plugin_repo), None, is_keyadmin = True)
- if create_repo_response is not None and len(create_repo_response) > 0:
- return True
- else:
- return False
- else:
- Logger.error('Ranger service is not reachable')
- return False
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_server.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_server.py
deleted file mode 100755
index 44d61da..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_server.py
+++ /dev/null
@@ -1,117 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-from resource_management.core.exceptions import Fail
-from resource_management.libraries.functions.check_process_status import check_process_status
-from resource_management.libraries.functions import stack_select
-from resource_management.libraries.script import Script
-from resource_management.core.resources.system import Execute, File
-from resource_management.core.exceptions import ComponentIsNotRunning
-from resource_management.libraries.functions.format import format
-from resource_management.core.logger import Logger
-from resource_management.core import shell
-from resource_management.libraries.functions.default import default
-from kms import kms, setup_kms_db, setup_java_patch, enable_kms_plugin, setup_kms_jce
-from kms_service import kms_service
-import upgrade
-
-class KmsServer(Script):
-
- def get_component_name(self):
- return "ranger-kms"
-
- def install(self, env):
- self.install_packages(env)
- import params
- env.set_params(params)
-
- setup_kms_db()
- self.configure(env)
- setup_java_patch()
-
- def stop(self, env, upgrade_type=None):
- import params
-
- env.set_params(params)
- kms_service(action = 'stop', upgrade_type=upgrade_type)
- if params.stack_supports_pid:
- File(params.ranger_kms_pid_file,
- action = "delete"
- )
-
- def start(self, env, upgrade_type=None):
- import params
-
- env.set_params(params)
- self.configure(env)
- enable_kms_plugin()
- setup_kms_jce()
- kms_service(action = 'start', upgrade_type=upgrade_type)
-
- def status(self, env):
- import status_params
- env.set_params(status_params)
-
- if status_params.stack_supports_pid:
- check_process_status(status_params.ranger_kms_pid_file)
- return
-
- cmd = 'ps -ef | grep proc_rangerkms | grep -v grep'
- code, output = shell.call(cmd, timeout=20)
- if code != 0:
- Logger.debug('KMS process not running')
- raise ComponentIsNotRunning()
- pass
-
- def configure(self, env):
- import params
-
- env.set_params(params)
- kms()
-
- def pre_upgrade_restart(self, env, upgrade_type=None):
- import params
- env.set_params(params)
-
- upgrade.prestart(env, "ranger-kms")
- kms(upgrade_type=upgrade_type)
- setup_java_patch()
-
- def setup_ranger_kms_database(self, env):
- import params
- env.set_params(params)
-
- upgrade_stack = stack_select._get_upgrade_stack()
- if upgrade_stack is None:
- raise Fail('Unable to determine the stack and stack version')
-
- stack_version = upgrade_stack[1]
- Logger.info(format('Setting Ranger KMS database schema, using version {stack_version}'))
- setup_kms_db(stack_version=stack_version)
-
- def get_log_folder(self):
- import params
- return params.kms_log_dir
-
- def get_user(self):
- import params
- return params.kms_user
-
-if __name__ == "__main__":
- KmsServer().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_service.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_service.py
deleted file mode 100644
index 2ff48c3..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/kms_service.py
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management.core.resources.system import Execute, File
-from resource_management.core import shell
-from resource_management.libraries.functions.format import format
-from resource_management.core.exceptions import ComponentIsNotRunning
-from resource_management.core.logger import Logger
-from resource_management.libraries.functions.show_logs import show_logs
-from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
-from resource_management.libraries.functions.constants import Direction
-import os
-
-def kms_service(action='start', upgrade_type=None):
- import params
-
- env_dict = {'JAVA_HOME': params.java_home}
- if params.db_flavor.lower() == 'sqla':
- env_dict = {'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH': params.ld_library_path}
-
- if action == 'start':
- no_op_test = format('ps -ef | grep proc_rangerkms | grep -v grep')
- cmd = format('{kms_home}/ranger-kms start')
- try:
- Execute(cmd, not_if=no_op_test, environment=env_dict, user=format('{kms_user}'))
- except:
- show_logs(params.kms_log_dir, params.kms_user)
- raise
- elif action == 'stop':
- if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
- if os.path.isfile(format('{kms_home}/ranger-kms')):
- File(format('{kms_home}/ranger-kms'),
- owner=params.kms_user,
- group = params.kms_group
- )
- cmd = format('{kms_home}/ranger-kms stop')
- try:
- Execute(cmd, environment=env_dict, user=format('{kms_user}'))
- except:
- show_logs(params.kms_log_dir, params.kms_user)
- raise
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/params.py
deleted file mode 100755
index 2445f2e..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/params.py
+++ /dev/null
@@ -1,331 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-import os
-from resource_management.libraries.functions import conf_select
-from resource_management.libraries.script import Script
-from resource_management.libraries.functions.version import format_stack_version
-from resource_management.libraries.functions.format import format
-from resource_management.libraries.functions.default import default
-from resource_management.libraries.functions.stack_features import check_stack_feature
-from resource_management.libraries.functions.stack_features import get_stack_feature_version
-from resource_management.libraries.functions import StackFeature
-from resource_management.libraries.functions.get_bare_principal import get_bare_principal
-from resource_management.libraries.functions.is_empty import is_empty
-from resource_management.libraries.functions.setup_ranger_plugin_xml import generate_ranger_service_config
-from resource_management.libraries.resources.hdfs_resource import HdfsResource
-from resource_management.libraries.functions import stack_select
-from resource_management.libraries.functions import get_kinit_path
-
-config = Script.get_config()
-tmp_dir = Script.get_tmp_dir()
-stack_root = Script.get_stack_root()
-
-stack_name = default("/hostLevelParams/stack_name", None)
-version = default("/commandParams/version", None)
-upgrade_direction = default("/commandParams/upgrade_direction", None)
-
-stack_version_unformatted = config['hostLevelParams']['stack_version']
-stack_version_formatted = format_stack_version(stack_version_unformatted)
-
-# get the correct version to use for checking stack features
-version_for_stack_feature_checks = get_stack_feature_version(config)
-
-stack_supports_config_versioning = check_stack_feature(StackFeature.CONFIG_VERSIONING, version_for_stack_feature_checks)
-stack_support_kms_hsm = check_stack_feature(StackFeature.RANGER_KMS_HSM_SUPPORT, version_for_stack_feature_checks)
-stack_supports_ranger_kerberos = check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, version_for_stack_feature_checks)
-stack_supports_pid = check_stack_feature(StackFeature.RANGER_KMS_PID_SUPPORT, version_for_stack_feature_checks)
-stack_supports_ranger_audit_db = check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, version_for_stack_feature_checks)
-stack_supports_ranger_kms_ssl = check_stack_feature(StackFeature.RANGER_KMS_SSL, version_for_stack_feature_checks)
-
-hadoop_conf_dir = conf_select.get_hadoop_conf_dir()
-security_enabled = config['configurations']['cluster-env']['security_enabled']
-
-if stack_supports_config_versioning:
- kms_home = format('{stack_root}/current/ranger-kms')
- kms_conf_dir = format('{stack_root}/current/ranger-kms/conf')
-
-kms_log_dir = default("/configurations/kms-env/kms_log_dir", "/var/log/ranger/kms")
-java_home = config['hostLevelParams']['java_home']
-kms_user = default("/configurations/kms-env/kms_user", "kms")
-kms_group = default("/configurations/kms-env/kms_group", "kms")
-
-ranger_kms_audit_log_maxfilesize = default('/configurations/kms-log4j/ranger_kms_audit_log_maxfilesize',256)
-ranger_kms_audit_log_maxbackupindex = default('/configurations/kms-log4j/ranger_kms_audit_log_maxbackupindex',20)
-ranger_kms_log_maxfilesize = default('/configurations/kms-log4j/ranger_kms_log_maxfilesize',256)
-ranger_kms_log_maxbackupindex = default('/configurations/kms-log4j/ranger_kms_log_maxbackupindex',20)
-
-jdk_location = config['hostLevelParams']['jdk_location']
-kms_log4j = config['configurations']['kms-log4j']['content']
-
-# ranger host
-ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts'][0]
-has_ranger_admin = len(ranger_admin_hosts) > 0
-kms_host = config['clusterHostInfo']['ranger_kms_server_hosts'][0]
-kms_port = config['configurations']['kms-env']['kms_port']
-
-create_db_user = config['configurations']['kms-env']['create_db_user']
-
-#kms properties
-db_flavor = (config['configurations']['kms-properties']['DB_FLAVOR']).lower()
-db_host = config['configurations']['kms-properties']['db_host']
-db_name = config['configurations']['kms-properties']['db_name']
-db_user = config['configurations']['kms-properties']['db_user']
-db_password = unicode(config['configurations']['kms-properties']['db_password'])
-kms_master_key_password = unicode(config['configurations']['kms-properties']['KMS_MASTER_KEY_PASSWD'])
-credential_provider_path = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.credential.provider.path']
-jdbc_alias = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.credential.alias']
-masterkey_alias = config['configurations']['dbks-site']['ranger.ks.masterkey.credential.alias']
-repo_name = str(config['clusterName']) + '_kms'
-repo_name_value = config['configurations']['ranger-kms-security']['ranger.plugin.kms.service.name']
-if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
- repo_name = repo_name_value
-cred_lib_path = os.path.join(kms_home,"cred","lib","*")
-cred_setup_prefix = (format('{kms_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
-credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
-
-if has_ranger_admin:
- policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
- if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
- policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
- xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
- xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
- xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
- xa_audit_db_password = ''
- if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
- xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
- xa_db_host = config['configurations']['admin-properties']['db_host']
-
- admin_uname = config['configurations']['ranger-env']['admin_username']
- admin_password = config['configurations']['ranger-env']['admin_password']
- ambari_ranger_admin = config['configurations']['ranger-env']['ranger_admin_username']
- ambari_ranger_password = config['configurations']['ranger-env']['ranger_admin_password']
- admin_uname_password = format("{admin_uname}:{admin_password}")
- ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
-
-default_connectors_map = { "mssql":"sqljdbc4.jar",
- "mysql":"mysql-connector-java.jar",
- "postgres":"postgresql-jdbc.jar",
- "oracle":"ojdbc.jar",
- "sqla":"sajdbc4.jar"}
-
-java_share_dir = '/usr/share/java'
-jdbc_jar_name = None
-previous_jdbc_jar_name = None
-if db_flavor == 'mysql':
- jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- db_jdbc_url = format('jdbc:log4jdbc:mysql://{db_host}/{db_name}')
- db_jdbc_driver = "com.mysql.jdbc.Driver"
- jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform"
-elif db_flavor == 'oracle':
- jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- colon_count = db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- db_jdbc_url = format('jdbc:oracle:thin:@{db_host}')
- else:
- db_jdbc_url = format('jdbc:oracle:thin:@//{db_host}')
- db_jdbc_driver = "oracle.jdbc.OracleDriver"
- jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform"
-elif db_flavor == 'postgres':
- jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- db_jdbc_url = format('jdbc:postgresql://{db_host}/{db_name}')
- db_jdbc_driver = "org.postgresql.Driver"
- jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
-elif db_flavor == 'mssql':
- jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- db_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={db_name}')
- db_jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
- jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform"
-elif db_flavor == 'sqla':
- jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- db_jdbc_url = format('jdbc:sqlanywhere:database={db_name};host={db_host}')
- db_jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
- jdbc_dialect = "org.eclipse.persistence.platform.database.SQLAnywherePlatform"
-
-downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
-
-driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
-driver_curl_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
-previous_jdbc_jar = format("{kms_home}/ews/webapp/lib/{previous_jdbc_jar_name}")
-ews_lib_jar_path = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
-
-if db_flavor == 'sqla':
- downloaded_custom_connector = format("{tmp_dir}/sqla-client-jdbc.tar.gz")
- jar_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/java/sajdbc4.jar")
- libs_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/native/lib64/*")
- jdbc_libs_dir = format("{kms_home}/native/lib64")
- ld_library_path = format("{jdbc_libs_dir}")
-
-if has_ranger_admin:
- xa_previous_jdbc_jar_name = None
- if stack_supports_ranger_audit_db:
- if xa_audit_db_flavor == 'mysql':
- jdbc_jar = default("/hostLevelParams/custom_mysql_jdbc_name", None)
- xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "com.mysql.jdbc.Driver"
- elif xa_audit_db_flavor == 'oracle':
- jdbc_jar = default("/hostLevelParams/custom_oracle_jdbc_name", None)
- xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
- colon_count = xa_db_host.count(':')
- if colon_count == 2 or colon_count == 0:
- audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
- else:
- audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
- jdbc_driver = "oracle.jdbc.OracleDriver"
- elif xa_audit_db_flavor == 'postgres':
- jdbc_jar = default("/hostLevelParams/custom_postgres_jdbc_name", None)
- xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
- audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
- jdbc_driver = "org.postgresql.Driver"
- elif xa_audit_db_flavor == 'mssql':
- jdbc_jar = default("/hostLevelParams/custom_mssql_jdbc_name", None)
- xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
- jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
- elif xa_audit_db_flavor == 'sqla':
- jdbc_jar = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
- xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
- audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
- jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
-
- downloaded_connector_path = format("{tmp_dir}/{jdbc_jar}") if stack_supports_ranger_audit_db else None
- driver_source = format("{jdk_location}/{jdbc_jar}") if stack_supports_ranger_audit_db else None
- driver_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar}") if stack_supports_ranger_audit_db else None
- xa_previous_jdbc_jar = format("{kms_home}/ews/webapp/lib/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
-
-repo_config_username = config['configurations']['kms-properties']['REPOSITORY_CONFIG_USERNAME']
-repo_config_password = unicode(config['configurations']['kms-properties']['REPOSITORY_CONFIG_PASSWORD'])
-
-kms_plugin_config = {
- 'username' : repo_config_username,
- 'password' : repo_config_password,
- 'provider' : format('kms://http@{kms_host}:{kms_port}/kms')
-}
-
-xa_audit_db_is_enabled = False
-if stack_supports_ranger_audit_db:
- xa_audit_db_is_enabled = config['configurations']['ranger-kms-audit']['xasecure.audit.destination.db']
-ssl_keystore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
-ssl_truststore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
-
-#For SQLA explicitly disable audit to DB for Ranger
-if xa_audit_db_flavor == 'sqla':
- xa_audit_db_is_enabled = False
-
-current_host = config['hostname']
-ranger_kms_hosts = config['clusterHostInfo']['ranger_kms_server_hosts']
-if current_host in ranger_kms_hosts:
- kms_host = current_host
-
-check_db_connection_jar_name = "DBConnectionVerification.jar"
-check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}")
-ranger_kms_jdbc_connection_url = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.url']
-ranger_kms_jdbc_driver = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.driver']
-
-jce_name = default("/hostLevelParams/jce_name", None)
-jce_source_dir = format('{tmp_dir}/jce_dir')
-
-#kms hsm support
-enable_kms_hsm = default("/configurations/dbks-site/ranger.ks.hsm.enabled", False)
-hms_partition_alias = default("/configurations/dbks-site/ranger.ks.hsm.partition.password.alias", "ranger.kms.hsm.partition.password")
-hms_partition_passwd = default("/configurations/kms-env/hsm_partition_password", None)
-
-# kms kerberos from stack 2.5 onward
-rangerkms_bare_principal = 'rangerkms'
-
-if stack_supports_ranger_kerberos:
- if security_enabled:
- rangerkms_principal = config['configurations']['dbks-site']['ranger.ks.kerberos.principal']
- rangerkms_keytab = config['configurations']['dbks-site']['ranger.ks.kerberos.keytab']
- if not is_empty(rangerkms_principal) and rangerkms_principal != '':
- rangerkms_bare_principal = get_bare_principal(rangerkms_principal)
- rangerkms_principal = rangerkms_principal.replace('_HOST', kms_host.lower())
- kms_plugin_config['policy.download.auth.users'] = format('keyadmin,{rangerkms_bare_principal}')
-
-custom_ranger_service_config = generate_ranger_service_config(config['configurations']['kms-properties'])
-if len(custom_ranger_service_config) > 0:
- kms_plugin_config.update(custom_ranger_service_config)
-
-kms_ranger_plugin_repo = {
- 'isEnabled' : 'true',
- 'configs' : kms_plugin_config,
- 'description' : 'kms repo',
- 'name' : repo_name,
- 'type' : 'kms'
-}
-
-# ranger kms pid
-user_group = config['configurations']['cluster-env']['user_group']
-ranger_kms_pid_dir = default("/configurations/kms-env/ranger_kms_pid_dir", "/var/run/ranger_kms")
-ranger_kms_pid_file = format('{ranger_kms_pid_dir}/rangerkms.pid')
-
-if security_enabled:
- spengo_keytab = config['configurations']['kms-site']['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab']
- spnego_principal = config['configurations']['kms-site']['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal']
- spnego_principal = spnego_principal.replace('_HOST', current_host.lower())
-
-plugin_audit_password_property = 'xasecure.audit.destination.db.password'
-kms_plugin_password_properties = ['xasecure.policymgr.clientssl.keystore.password', 'xasecure.policymgr.clientssl.truststore.password']
-dbks_site_password_properties = ['ranger.db.encrypt.key.password', 'ranger.ks.jpa.jdbc.password', 'ranger.ks.hsm.partition.password']
-ranger_kms_site_password_properties = ['ranger.service.https.attrib.keystore.pass']
-ranger_kms_cred_ssl_path = config['configurations']['ranger-kms-site']['ranger.credential.provider.path']
-ranger_kms_ssl_keystore_alias = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.keystore.credential.alias']
-ranger_kms_ssl_passwd = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.keystore.pass']
-ranger_kms_ssl_enabled = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.ssl.enabled']
-
-xa_audit_hdfs_is_enabled = default("/configurations/ranger-kms-audit/xasecure.audit.destination.hdfs", False)
-namenode_host = default("/clusterHostInfo/namenode_host", [])
-
-# need this to capture cluster name from where ranger kms plugin is enabled
-cluster_name = config['clusterName']
-
-has_namenode = len(namenode_host) > 0
-
-hdfs_user = default("/configurations/hadoop-env/hdfs_user", None)
-hdfs_user_keytab = default("/configurations/hadoop-env/hdfs_user_keytab", None)
-hdfs_principal_name = default("/configurations/hadoop-env/hdfs_principal_name", None)
-default_fs = default("/configurations/core-site/fs.defaultFS", None)
-hdfs_site = config['configurations']['hdfs-site'] if has_namenode else None
-hadoop_bin_dir = stack_select.get_hadoop_dir("bin") if has_namenode else None
-kinit_path_local = get_kinit_path(default('/configurations/kerberos-env/executable_search_paths', None))
-
-import functools
-# create partial functions with common arguments for every HdfsResource call
-# to create/delete hdfs directory/file/copyfromlocal we need to call params.HdfsResource in code
-HdfsResource = functools.partial(
- HdfsResource,
- user=hdfs_user,
- security_enabled = security_enabled,
- keytab = hdfs_user_keytab,
- kinit_path_local = kinit_path_local,
- hadoop_bin_dir = hadoop_bin_dir,
- hadoop_conf_dir = hadoop_conf_dir,
- principal_name = hdfs_principal_name,
- hdfs_site = hdfs_site,
- default_fs = default_fs
-)
-
-local_component_list = default("/localComponents", [])
-has_hdfs_client_on_node = 'HDFS_CLIENT' in local_component_list
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/service_check.py
deleted file mode 100644
index 84e4e73..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/service_check.py
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management.libraries.script import Script
-from resource_management.core.logger import Logger
-from resource_management.core import shell
-from resource_management.core.exceptions import ComponentIsNotRunning
-
-
-class KmsServiceCheck(Script):
- def service_check(self, env):
- import params
-
- env.set_params(params)
- cmd = 'ps -ef | grep proc_rangerkms | grep -v grep'
- code, output = shell.call(cmd, timeout=20)
- if code == 0:
- Logger.info('KMS process up and running')
- else:
- Logger.debug('KMS process not running')
- raise ComponentIsNotRunning()
-
-if __name__ == "__main__":
- KmsServiceCheck().execute()
[02/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/metainfo.xml
new file mode 100644
index 0000000..d328d89
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/metainfo.xml
@@ -0,0 +1,111 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<metainfo>
+ <schemaVersion>2.0</schemaVersion>
+ <services>
+ <service>
+ <name>RANGER_KMS</name>
+ <displayName>Ranger KMS</displayName>
+ <comment>Key Management Server</comment>
+ <version>1.0.0.3.0</version>
+ <components>
+
+ <component>
+ <name>RANGER_KMS_SERVER</name>
+ <displayName>Ranger KMS Server</displayName>
+ <category>MASTER</category>
+ <cardinality>1+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <commandScript>
+ <script>scripts/kms_server.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>ranger_kms</logId>
+ <primary>true</primary>
+ </log>
+ </logs>
+ <dependencies>
+ <dependency>
+ <name>HDFS/HDFS_CLIENT</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>true</enabled>
+ </auto-deploy>
+ </dependency>
+ </dependencies>
+ </component>
+ </components>
+
+
+ <osSpecifics>
+ <osSpecific>
+ <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
+ <packages>
+ <package>
+ <name>ranger_${stack_version}-kms</name>
+ </package>
+ </packages>
+ </osSpecific>
+ <osSpecific>
+ <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily>
+ <packages>
+ <package>
+ <name>ranger-${stack_version}-kms</name>
+ </package>
+ </packages>
+ </osSpecific>
+ </osSpecifics>
+
+ <configuration-dependencies>
+ <config-type>kms-properties</config-type>
+ <config-type>kms-site</config-type>
+ <config-type>kms-log4j</config-type>
+ <config-type>dbks-site</config-type>
+ <config-type>ranger-kms-site</config-type>
+ <config-type>ranger-kms-audit</config-type>
+ <config-type>ranger-kms-policymgr-ssl</config-type>
+ <config-type>ranger-kms-security</config-type>
+ </configuration-dependencies>
+
+ <commandScript>
+ <script>scripts/service_check.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>300</timeout>
+ </commandScript>
+
+ <requiredServices>
+ <service>RANGER</service>
+ <service>HDFS</service>
+ </requiredServices>
+
+ <themes>
+ <theme>
+ <fileName>theme_version_1.json</fileName>
+ <default>true</default>
+ </theme>
+ </themes>
+
+ </service>
+ </services>
+</metainfo>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms.py
new file mode 100755
index 0000000..6e4a171
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms.py
@@ -0,0 +1,675 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+import sys
+import fileinput
+import os
+import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
+import urllib2, base64, httplib
+from StringIO import StringIO as BytesIO
+from datetime import datetime
+from resource_management.core.resources.system import File, Directory, Execute
+from resource_management.libraries.resources.xml_config import XmlConfig
+from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
+from resource_management.core.source import DownloadSource, InlineTemplate
+from resource_management.core.exceptions import Fail
+from resource_management.core.logger import Logger
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.ranger_functions import Rangeradmin
+from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2
+from resource_management.libraries.functions.decorator import safe_retry
+from resource_management.core.utils import PasswordString
+from resource_management.core.shell import as_sudo
+import re
+import time
+import socket
+
+def password_validation(password, key):
+ import params
+ if password.strip() == "":
+ raise Fail("Blank password is not allowed for {0} property. Please enter valid password.".format(key))
+ if re.search("[\\\`'\"]",password):
+ raise Fail("{0} password contains one of the unsupported special characters like \" ' \ `".format(key))
+ else:
+ Logger.info("Password validated")
+
+def setup_kms_db(stack_version=None):
+ import params
+
+ if params.has_ranger_admin:
+
+ kms_home = params.kms_home
+ version = params.version
+ if stack_version is not None:
+ kms_home = format("{stack_root}/{stack_version}/ranger-kms")
+ version = stack_version
+
+ password_validation(params.kms_master_key_password, 'KMS master key')
+
+ copy_jdbc_connector(stack_version=version)
+
+ env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH':params.ld_library_path}
+
+ dba_setup = format('ambari-python-wrap {kms_home}/dba_script.py -q')
+ db_setup = format('ambari-python-wrap {kms_home}/db_setup.py')
+
+ if params.create_db_user:
+ Logger.info('Setting up Ranger KMS DB and DB User')
+ Execute(dba_setup, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10)
+ else:
+ Logger.info('Separate DBA property not set. Assuming Ranger KMS DB and DB User exists!')
+ Execute(db_setup, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10)
+
+def setup_java_patch():
+ import params
+
+ if params.has_ranger_admin:
+
+ kms_home = params.kms_home
+ setup_java_patch = format('ambari-python-wrap {kms_home}/db_setup.py -javapatch')
+
+ env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'RANGER_KMS_HOME':kms_home, 'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH':params.ld_library_path}
+
+ Execute(setup_java_patch, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10)
+
+ kms_lib_path = format('{kms_home}/ews/webapp/lib/')
+ files = os.listdir(kms_lib_path)
+ hadoop_jar_files = []
+
+ for x in files:
+ if x.startswith('hadoop-common') and x.endswith('.jar'):
+ hadoop_jar_files.append(x)
+
+ if len(hadoop_jar_files) != 0:
+ for f in hadoop_jar_files:
+ Execute((format('{java_home}/bin/jar'),'-uf', format('{kms_home}/ews/webapp/lib/{f}'), format('{kms_home}/ews/webapp/META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory')),
+ user=params.kms_user)
+
+ File(format('{kms_home}/ews/webapp/lib/{f}'), owner=params.kms_user, group=params.kms_group)
+
+def do_keystore_setup(cred_provider_path, credential_alias, credential_password):
+ import params
+
+ if cred_provider_path is not None:
+ java_bin = format('{java_home}/bin/java')
+ file_path = format('jceks://file{cred_provider_path}')
+ cmd = (java_bin, '-cp', params.cred_lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', credential_alias, '-value', PasswordString(credential_password), '-provider', file_path)
+ Execute(cmd,
+ environment={'JAVA_HOME': params.java_home},
+ logoutput=True,
+ sudo=True,
+ )
+
+ File(cred_provider_path,
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0640
+ )
+
+def kms(upgrade_type=None):
+ import params
+
+ if params.has_ranger_admin:
+
+ Directory(params.kms_conf_dir,
+ owner = params.kms_user,
+ group = params.kms_group,
+ create_parents = True
+ )
+
+ Directory("/etc/security/serverKeys",
+ create_parents = True,
+ cd_access = "a"
+ )
+
+ Directory("/etc/ranger/kms",
+ create_parents = True,
+ cd_access = "a"
+ )
+
+ copy_jdbc_connector()
+
+ File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"),
+ content = DownloadSource(format("{jdk_location}{check_db_connection_jar_name}")),
+ mode = 0644,
+ )
+
+ cp = format("{check_db_connection_jar}")
+ if params.db_flavor.lower() == 'sqla':
+ cp = cp + os.pathsep + format("{kms_home}/ews/webapp/lib/sajdbc4.jar")
+ else:
+ path_to_jdbc = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
+ if not os.path.isfile(path_to_jdbc):
+ path_to_jdbc = format("{kms_home}/ews/webapp/lib/") + \
+ params.default_connectors_map[params.db_flavor.lower()] if params.db_flavor.lower() in params.default_connectors_map else None
+ if not os.path.isfile(path_to_jdbc):
+ path_to_jdbc = format("{kms_home}/ews/webapp/lib/") + "*"
+ error_message = "Error! Sorry, but we can't find jdbc driver with default name " + params.default_connectors_map[params.db_flavor] + \
+ " in ranger kms lib dir. So, db connection check can fail. Please run 'ambari-server setup --jdbc-db={db_name} --jdbc-driver={path_to_jdbc} on server host.'"
+ Logger.error(error_message)
+
+ cp = cp + os.pathsep + path_to_jdbc
+
+ db_connection_check_command = format(
+ "{java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_kms_jdbc_connection_url}' {db_user} {db_password!p} {ranger_kms_jdbc_driver}")
+
+ env_dict = {}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'LD_LIBRARY_PATH':params.ld_library_path}
+
+ Execute(db_connection_check_command, path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', tries=5, try_sleep=10, environment=env_dict)
+
+ if params.xa_audit_db_is_enabled and params.driver_source is not None and not params.driver_source.endswith("/None"):
+ if params.xa_previous_jdbc_jar and os.path.isfile(params.xa_previous_jdbc_jar):
+ File(params.xa_previous_jdbc_jar, action='delete')
+
+ File(params.downloaded_connector_path,
+ content = DownloadSource(params.driver_source),
+ mode = 0644
+ )
+
+ Execute(('cp', '--remove-destination', params.downloaded_connector_path, params.driver_target),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(params.driver_target, mode=0644)
+
+ Directory(os.path.join(params.kms_home, 'ews', 'webapp', 'WEB-INF', 'classes', 'lib'),
+ mode=0755,
+ owner=params.kms_user,
+ group=params.kms_group
+ )
+
+ Execute(('cp',format('{kms_home}/ranger-kms-initd'),'/etc/init.d/ranger-kms'),
+ not_if=format('ls /etc/init.d/ranger-kms'),
+ only_if=format('ls {kms_home}/ranger-kms-initd'),
+ sudo=True)
+
+ File('/etc/init.d/ranger-kms',
+ mode = 0755
+ )
+
+ Directory(format('{kms_home}/'),
+ owner = params.kms_user,
+ group = params.kms_group,
+ recursive_ownership = True,
+ )
+
+ Directory(params.ranger_kms_pid_dir,
+ mode=0755,
+ owner = params.kms_user,
+ group = params.user_group,
+ cd_access = "a",
+ create_parents=True
+ )
+
+ if params.stack_supports_pid:
+ File(format('{kms_conf_dir}/ranger-kms-env-piddir.sh'),
+ content = format("export RANGER_KMS_PID_DIR_PATH={ranger_kms_pid_dir}\nexport KMS_USER={kms_user}"),
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode=0755
+ )
+
+ Directory(params.kms_log_dir,
+ owner = params.kms_user,
+ group = params.kms_group,
+ cd_access = 'a',
+ create_parents=True,
+ mode=0755
+ )
+
+ File(format('{kms_conf_dir}/ranger-kms-env-logdir.sh'),
+ content = format("export RANGER_KMS_LOG_DIR={kms_log_dir}"),
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode=0755
+ )
+
+ Execute(('ln','-sf', format('{kms_home}/ranger-kms'),'/usr/bin/ranger-kms'),
+ not_if=format('ls /usr/bin/ranger-kms'),
+ only_if=format('ls {kms_home}/ranger-kms'),
+ sudo=True)
+
+ File('/usr/bin/ranger-kms', mode = 0755)
+
+ Execute(('ln','-sf', format('{kms_home}/ranger-kms'),'/usr/bin/ranger-kms-services.sh'),
+ not_if=format('ls /usr/bin/ranger-kms-services.sh'),
+ only_if=format('ls {kms_home}/ranger-kms'),
+ sudo=True)
+
+ File('/usr/bin/ranger-kms-services.sh', mode = 0755)
+
+ Execute(('ln','-sf', format('{kms_home}/ranger-kms-initd'),format('{kms_home}/ranger-kms-services.sh')),
+ not_if=format('ls {kms_home}/ranger-kms-services.sh'),
+ only_if=format('ls {kms_home}/ranger-kms-initd'),
+ sudo=True)
+
+ File(format('{kms_home}/ranger-kms-services.sh'), mode = 0755)
+
+ Directory(params.kms_log_dir,
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0775
+ )
+
+ do_keystore_setup(params.credential_provider_path, params.jdbc_alias, params.db_password)
+ do_keystore_setup(params.credential_provider_path, params.masterkey_alias, params.kms_master_key_password)
+ if params.stack_support_kms_hsm and params.enable_kms_hsm:
+ do_keystore_setup(params.credential_provider_path, params.hms_partition_alias, unicode(params.hms_partition_passwd))
+ if params.stack_supports_ranger_kms_ssl and params.ranger_kms_ssl_enabled:
+ do_keystore_setup(params.ranger_kms_cred_ssl_path, params.ranger_kms_ssl_keystore_alias, params.ranger_kms_ssl_passwd)
+
+ # remove plain-text password from xml configs
+ dbks_site_copy = {}
+ dbks_site_copy.update(params.config['configurations']['dbks-site'])
+
+ for prop in params.dbks_site_password_properties:
+ if prop in dbks_site_copy:
+ dbks_site_copy[prop] = "_"
+
+ XmlConfig("dbks-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=dbks_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['dbks-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+
+ ranger_kms_site_copy = {}
+ ranger_kms_site_copy.update(params.config['configurations']['ranger-kms-site'])
+ if params.stack_supports_ranger_kms_ssl:
+ # remove plain-text password from xml configs
+ for prop in params.ranger_kms_site_password_properties:
+ if prop in ranger_kms_site_copy:
+ ranger_kms_site_copy[prop] = "_"
+
+ XmlConfig("ranger-kms-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=ranger_kms_site_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-kms-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+
+ XmlConfig("kms-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=params.config['configurations']['kms-site'],
+ configuration_attributes=params.config['configuration_attributes']['kms-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+
+ File(os.path.join(params.kms_conf_dir, "kms-log4j.properties"),
+ owner=params.kms_user,
+ group=params.kms_group,
+ content=InlineTemplate(params.kms_log4j),
+ mode=0644
+ )
+ if params.security_enabled:
+ # core-site.xml linking required by setup for HDFS encryption
+ XmlConfig("core-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=params.config['configurations']['core-site'],
+ configuration_attributes=params.config['configuration_attributes']['core-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+ else:
+ File(format('{kms_conf_dir}/core-site.xml'), action="delete")
+
+def copy_jdbc_connector(stack_version=None):
+ import params
+
+ if params.jdbc_jar_name is None and params.driver_curl_source.endswith("/None"):
+ error_message = "Error! Sorry, but we can't find jdbc driver related to {0} database to download from {1}. \
+ Please run 'ambari-server setup --jdbc-db={db_name} --jdbc-driver={path_to_jdbc} on server host.'".format(params.db_flavor, params.jdk_location)
+ Logger.error(error_message)
+
+ if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
+ if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
+ File(params.previous_jdbc_jar, action='delete')
+
+ kms_home = params.kms_home
+ if stack_version is not None:
+ kms_home = format("{stack_root}/{stack_version}/ranger-kms")
+
+ driver_curl_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
+
+ File(params.downloaded_custom_connector,
+ content = DownloadSource(params.driver_curl_source),
+ mode = 0644
+ )
+
+ Directory(os.path.join(kms_home, 'ews', 'lib'),
+ mode=0755
+ )
+
+ if params.db_flavor.lower() == 'sqla':
+ Execute(('tar', '-xvf', params.downloaded_custom_connector, '-C', params.tmp_dir), sudo = True)
+
+ Execute(('cp', '--remove-destination', params.jar_path_in_archive, os.path.join(kms_home, 'ews', 'webapp', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ Directory(params.jdbc_libs_dir,
+ cd_access="a",
+ create_parents=True)
+
+ Execute(as_sudo(['yes', '|', 'cp', params.libs_path_in_archive, params.jdbc_libs_dir], auto_escape=False),
+ path=["/bin", "/usr/bin/"])
+
+ File(os.path.join(kms_home, 'ews', 'webapp', 'lib', 'sajdbc4.jar'), mode=0644)
+ else:
+ Execute(('cp', '--remove-destination', params.downloaded_custom_connector, os.path.join(kms_home, 'ews', 'webapp', 'lib')),
+ path=["/bin", "/usr/bin/"],
+ sudo=True)
+
+ File(os.path.join(kms_home, 'ews', 'webapp', 'lib', params.jdbc_jar_name), mode=0644)
+
+ ModifyPropertiesFile(format("{kms_home}/install.properties"),
+ properties = params.config['configurations']['kms-properties'],
+ owner = params.kms_user
+ )
+
+ if params.db_flavor.lower() == 'sqla':
+ ModifyPropertiesFile(format("{kms_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{kms_home}/ews/webapp/lib/sajdbc4.jar')},
+ owner = params.kms_user,
+ )
+ else:
+ ModifyPropertiesFile(format("{kms_home}/install.properties"),
+ properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')},
+ owner = params.kms_user,
+ )
+
+def enable_kms_plugin():
+
+ import params
+
+ if params.has_ranger_admin:
+
+ ranger_flag = False
+
+ if params.stack_supports_ranger_kerberos and params.security_enabled:
+ if not is_empty(params.rangerkms_principal) and params.rangerkms_principal != '':
+ ranger_flag = check_ranger_service_support_kerberos(params.kms_user, params.rangerkms_keytab, params.rangerkms_principal)
+ else:
+ ranger_flag = check_ranger_service_support_kerberos(params.kms_user, params.spengo_keytab, params.spnego_principal)
+ else:
+ ranger_flag = check_ranger_service()
+
+ if not ranger_flag:
+ Logger.error('Error in Get/Create service for Ranger Kms.')
+
+ current_datetime = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+
+ File(format('{kms_conf_dir}/ranger-security.xml'),
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0644,
+ content = format('<ranger>\n<enabled>{current_datetime}</enabled>\n</ranger>')
+ )
+
+ Directory([os.path.join('/etc', 'ranger', params.repo_name), os.path.join('/etc', 'ranger', params.repo_name, 'policycache')],
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode=0775,
+ create_parents = True
+ )
+
+ File(os.path.join('/etc', 'ranger', params.repo_name, 'policycache',format('kms_{repo_name}.json')),
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0644
+ )
+
+ # remove plain-text password from xml configs
+ plugin_audit_properties_copy = {}
+ plugin_audit_properties_copy.update(params.config['configurations']['ranger-kms-audit'])
+
+ if params.plugin_audit_password_property in plugin_audit_properties_copy:
+ plugin_audit_properties_copy[params.plugin_audit_password_property] = "crypted"
+
+ XmlConfig("ranger-kms-audit.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=plugin_audit_properties_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-kms-audit'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0744)
+
+ XmlConfig("ranger-kms-security.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=params.config['configurations']['ranger-kms-security'],
+ configuration_attributes=params.config['configuration_attributes']['ranger-kms-security'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0744)
+
+ # remove plain-text password from xml configs
+ ranger_kms_policymgr_ssl_copy = {}
+ ranger_kms_policymgr_ssl_copy.update(params.config['configurations']['ranger-kms-policymgr-ssl'])
+
+ for prop in params.kms_plugin_password_properties:
+ if prop in ranger_kms_policymgr_ssl_copy:
+ ranger_kms_policymgr_ssl_copy[prop] = "crypted"
+
+ XmlConfig("ranger-policymgr-ssl.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=ranger_kms_policymgr_ssl_copy,
+ configuration_attributes=params.config['configuration_attributes']['ranger-kms-policymgr-ssl'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0744)
+
+ if params.xa_audit_db_is_enabled:
+ cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'auditDBCred', '-v', PasswordString(params.xa_audit_db_password), '-c', '1')
+ Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+ cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'sslKeyStore', '-v', PasswordString(params.ssl_keystore_password), '-c', '1')
+ Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+ cred_setup = params.cred_setup_prefix + ('-f', params.credential_file, '-k', 'sslTrustStore', '-v', PasswordString(params.ssl_truststore_password), '-c', '1')
+ Execute(cred_setup, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
+
+ File(params.credential_file,
+ owner = params.kms_user,
+ group = params.kms_group,
+ mode = 0640
+ )
+
+ # create ranger kms audit directory
+ if params.xa_audit_hdfs_is_enabled and params.has_namenode and params.has_hdfs_client_on_node:
+ params.HdfsResource("/ranger/audit",
+ type="directory",
+ action="create_on_execute",
+ owner=params.hdfs_user,
+ group=params.hdfs_user,
+ mode=0755,
+ recursive_chmod=True
+ )
+ params.HdfsResource("/ranger/audit/kms",
+ type="directory",
+ action="create_on_execute",
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0750,
+ recursive_chmod=True
+ )
+ params.HdfsResource(None, action="execute")
+
+ if params.xa_audit_hdfs_is_enabled and len(params.namenode_host) > 1:
+ Logger.info('Audit to Hdfs enabled in NameNode HA environment, creating hdfs-site.xml')
+ XmlConfig("hdfs-site.xml",
+ conf_dir=params.kms_conf_dir,
+ configurations=params.config['configurations']['hdfs-site'],
+ configuration_attributes=params.config['configuration_attributes']['hdfs-site'],
+ owner=params.kms_user,
+ group=params.kms_group,
+ mode=0644
+ )
+ else:
+ File(format('{kms_conf_dir}/hdfs-site.xml'), action="delete")
+
+def setup_kms_jce():
+ import params
+
+ if params.jce_name is not None:
+ Directory(params.jce_source_dir,
+ create_parents = True
+ )
+
+ jce_target = format('{jce_source_dir}/{jce_name}')
+
+ File(jce_target,
+ content = DownloadSource(format('{jdk_location}/{jce_name}')),
+ mode = 0644,
+ )
+
+ File([format("{java_home}/jre/lib/security/local_policy.jar"), format("{java_home}/jre/lib/security/US_export_policy.jar")],
+ action = "delete",
+ )
+
+ unzip_cmd = ("unzip", "-o", "-j", "-q", jce_target, "-d", format("{java_home}/jre/lib/security"))
+
+ Execute(unzip_cmd,
+ only_if = format("test -e {java_home}/jre/lib/security && test -f {jce_target}"),
+ path = ['/bin/','/usr/bin'],
+ sudo = True
+ )
+ else:
+ Logger.warning("Required jce policy zip is not available, need to setup manually")
+
+def check_ranger_service():
+ import params
+
+ policymgr_mgr_url = params.policymgr_mgr_url
+ if policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+ ranger_adm_obj = Rangeradmin(url=policymgr_mgr_url)
+ ambari_username_password_for_ranger = format("{ambari_ranger_admin}:{ambari_ranger_password}")
+ response_code = ranger_adm_obj.check_ranger_login_urllib2(policymgr_mgr_url)
+
+ if response_code is not None and response_code == 200:
+ user_resp_code = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, params.ambari_ranger_password, params.admin_uname_password)
+ if user_resp_code is not None and user_resp_code == 200:
+ get_repo_flag = get_repo(policymgr_mgr_url, params.repo_name, ambari_username_password_for_ranger)
+ if not get_repo_flag:
+ return create_repo(policymgr_mgr_url, json.dumps(params.kms_ranger_plugin_repo), ambari_username_password_for_ranger)
+ else:
+ return True
+ else:
+ return False
+ else:
+ Logger.error('Ranger service is not reachable')
+ return False
+
+@safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail=False)
+def create_repo(url, data, usernamepassword):
+ try:
+ base_url = url + '/service/public/v2/api/service'
+ base64string = base64.encodestring('{0}'.format(usernamepassword)).replace('\n', '')
+ headers = {
+ 'Accept': 'application/json',
+ "Content-Type": "application/json"
+ }
+ request = urllib2.Request(base_url, data, headers)
+ request.add_header("Authorization", "Basic {0}".format(base64string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ response = json.loads(json.JSONEncoder().encode(result.read()))
+ if response_code == 200:
+ Logger.info('Repository created Successfully')
+ return True
+ else:
+ Logger.info('Repository not created')
+ return False
+ except urllib2.URLError, e:
+ if isinstance(e, urllib2.HTTPError):
+ raise Fail("Error creating service. Http status code - {0}. \n {1}".format(e.code, e.read()))
+ else:
+ raise Fail("Error creating service. Reason - {0}.".format(e.reason))
+ except socket.timeout as e:
+ raise Fail("Error creating service. Reason - {0}".format(e))
+
+@safe_retry(times=5, sleep_time=8, backoff_factor=1.5, err_class=Fail, return_on_fail=False)
+def get_repo(url, name, usernamepassword):
+ try:
+ base_url = url + '/service/public/v2/api/service?serviceName=' + name + '&serviceType=kms&isEnabled=true'
+ request = urllib2.Request(base_url)
+ base64string = base64.encodestring(usernamepassword).replace('\n', '')
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base64string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ response = json.loads(result.read())
+ if response_code == 200 and len(response) > 0:
+ for repo in response:
+ if repo.get('name').lower() == name.lower() and repo.has_key('name'):
+ Logger.info('KMS repository exist')
+ return True
+ else:
+ Logger.info('KMS repository doesnot exist')
+ return False
+ else:
+ Logger.info('KMS repository doesnot exist')
+ return False
+ except urllib2.URLError, e:
+ if isinstance(e, urllib2.HTTPError):
+ raise Fail("Error getting {0} service. Http status code - {1}. \n {2}".format(name, e.code, e.read()))
+ else:
+ raise Fail("Error getting {0} service. Reason - {1}.".format(name, e.reason))
+ except socket.timeout as e:
+ raise Fail("Error creating service. Reason - {0}".format(e))
+
+def check_ranger_service_support_kerberos(user, keytab, principal):
+ import params
+
+ policymgr_mgr_url = params.policymgr_mgr_url
+ if policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+ ranger_adm_obj = RangeradminV2(url=policymgr_mgr_url)
+ response_code = ranger_adm_obj.check_ranger_login_curl(user, keytab, principal, policymgr_mgr_url, True)
+
+ if response_code is not None and response_code[0] == 200:
+ get_repo_name_response = ranger_adm_obj.get_repository_by_name_curl(user, keytab, principal, params.repo_name, 'kms', 'true', is_keyadmin = True)
+ if get_repo_name_response is not None:
+ Logger.info('KMS repository {0} exist'.format(get_repo_name_response['name']))
+ return True
+ else:
+ create_repo_response = ranger_adm_obj.create_repository_curl(user, keytab, principal, params.repo_name, json.dumps(params.kms_ranger_plugin_repo), None, is_keyadmin = True)
+ if create_repo_response is not None and len(create_repo_response) > 0:
+ return True
+ else:
+ return False
+ else:
+ Logger.error('Ranger service is not reachable')
+ return False
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms_server.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms_server.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms_server.py
new file mode 100755
index 0000000..613931b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms_server.py
@@ -0,0 +1,117 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from resource_management.libraries.functions.default import default
+from kms import kms, setup_kms_db, setup_java_patch, enable_kms_plugin, setup_kms_jce
+from kms_service import kms_service
+import upgrade
+
+class KmsServer(Script):
+
+ def get_component_name(self):
+ return "ranger-kms"
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ setup_kms_db()
+ self.configure(env)
+ setup_java_patch()
+
+ def stop(self, env, upgrade_type=None):
+ import params
+
+ env.set_params(params)
+ kms_service(action = 'stop', upgrade_type=upgrade_type)
+ if params.stack_supports_pid:
+ File(params.ranger_kms_pid_file,
+ action = "delete"
+ )
+
+ def start(self, env, upgrade_type=None):
+ import params
+
+ env.set_params(params)
+ self.configure(env)
+ enable_kms_plugin()
+ setup_kms_jce()
+ kms_service(action = 'start', upgrade_type=upgrade_type)
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_kms_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangerkms | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+ if code != 0:
+ Logger.debug('KMS process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def configure(self, env):
+ import params
+
+ env.set_params(params)
+ kms()
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ upgrade.prestart(env, "ranger-kms")
+ kms(upgrade_type=upgrade_type)
+ setup_java_patch()
+
+ def setup_ranger_kms_database(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+ Logger.info(format('Setting Ranger KMS database schema, using version {stack_version}'))
+ setup_kms_db(stack_version=stack_version)
+
+ def get_log_folder(self):
+ import params
+ return params.kms_log_dir
+
+ def get_user(self):
+ import params
+ return params.kms_user
+
+if __name__ == "__main__":
+ KmsServer().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms_service.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms_service.py
new file mode 100644
index 0000000..2ff48c3
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/kms_service.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.core.resources.system import Execute, File
+from resource_management.core import shell
+from resource_management.libraries.functions.format import format
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.core.logger import Logger
+from resource_management.libraries.functions.show_logs import show_logs
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+import os
+
+def kms_service(action='start', upgrade_type=None):
+ import params
+
+ env_dict = {'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH': params.ld_library_path}
+
+ if action == 'start':
+ no_op_test = format('ps -ef | grep proc_rangerkms | grep -v grep')
+ cmd = format('{kms_home}/ranger-kms start')
+ try:
+ Execute(cmd, not_if=no_op_test, environment=env_dict, user=format('{kms_user}'))
+ except:
+ show_logs(params.kms_log_dir, params.kms_user)
+ raise
+ elif action == 'stop':
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if os.path.isfile(format('{kms_home}/ranger-kms')):
+ File(format('{kms_home}/ranger-kms'),
+ owner=params.kms_user,
+ group = params.kms_group
+ )
+ cmd = format('{kms_home}/ranger-kms stop')
+ try:
+ Execute(cmd, environment=env_dict, user=format('{kms_user}'))
+ except:
+ show_logs(params.kms_log_dir, params.kms_user)
+ raise
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/params.py
new file mode 100755
index 0000000..003eee1
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/params.py
@@ -0,0 +1,331 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+import os
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions.stack_features import get_stack_feature_version
+from resource_management.libraries.functions import StackFeature
+from resource_management.libraries.functions.get_bare_principal import get_bare_principal
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.setup_ranger_plugin_xml import generate_ranger_service_config
+from resource_management.libraries.resources.hdfs_resource import HdfsResource
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions import get_kinit_path
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+stack_root = Script.get_stack_root()
+
+stack_name = default("/hostLevelParams/stack_name", None)
+version = default("/commandParams/version", None)
+upgrade_direction = default("/commandParams/upgrade_direction", None)
+
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+
+# get the correct version to use for checking stack features
+version_for_stack_feature_checks = get_stack_feature_version(config)
+
+stack_supports_config_versioning = check_stack_feature(StackFeature.CONFIG_VERSIONING, version_for_stack_feature_checks)
+stack_support_kms_hsm = check_stack_feature(StackFeature.RANGER_KMS_HSM_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_kerberos = check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, version_for_stack_feature_checks)
+stack_supports_pid = check_stack_feature(StackFeature.RANGER_KMS_PID_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_audit_db = check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_kms_ssl = check_stack_feature(StackFeature.RANGER_KMS_SSL, version_for_stack_feature_checks)
+
+hadoop_conf_dir = conf_select.get_hadoop_conf_dir()
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+
+if stack_supports_config_versioning:
+ kms_home = format('{stack_root}/current/ranger-kms')
+ kms_conf_dir = format('{stack_root}/current/ranger-kms/conf')
+
+kms_log_dir = default("/configurations/kms-env/kms_log_dir", "/var/log/ranger/kms")
+java_home = config['hostLevelParams']['java_home']
+kms_user = default("/configurations/kms-env/kms_user", "kms")
+kms_group = default("/configurations/kms-env/kms_group", "kms")
+
+ranger_kms_audit_log_maxfilesize = default('/configurations/kms-log4j/ranger_kms_audit_log_maxfilesize',256)
+ranger_kms_audit_log_maxbackupindex = default('/configurations/kms-log4j/ranger_kms_audit_log_maxbackupindex',20)
+ranger_kms_log_maxfilesize = default('/configurations/kms-log4j/ranger_kms_log_maxfilesize',256)
+ranger_kms_log_maxbackupindex = default('/configurations/kms-log4j/ranger_kms_log_maxbackupindex',20)
+
+jdk_location = config['hostLevelParams']['jdk_location']
+kms_log4j = config['configurations']['kms-log4j']['content']
+
+# ranger host
+ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts'][0]
+has_ranger_admin = len(ranger_admin_hosts) > 0
+kms_host = config['clusterHostInfo']['ranger_kms_server_hosts'][0]
+kms_port = config['configurations']['kms-env']['kms_port']
+
+create_db_user = config['configurations']['kms-env']['create_db_user']
+
+#kms properties
+db_flavor = (config['configurations']['kms-properties']['DB_FLAVOR']).lower()
+db_host = config['configurations']['kms-properties']['db_host']
+db_name = config['configurations']['kms-properties']['db_name']
+db_user = config['configurations']['kms-properties']['db_user']
+db_password = unicode(config['configurations']['kms-properties']['db_password'])
+kms_master_key_password = unicode(config['configurations']['kms-properties']['KMS_MASTER_KEY_PASSWD'])
+credential_provider_path = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.credential.provider.path']
+jdbc_alias = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.credential.alias']
+masterkey_alias = config['configurations']['dbks-site']['ranger.ks.masterkey.credential.alias']
+repo_name = str(config['clusterName']) + '_kms'
+repo_name_value = config['configurations']['ranger-kms-security']['ranger.plugin.kms.service.name']
+if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+cred_lib_path = os.path.join(kms_home,"cred","lib","*")
+cred_setup_prefix = (format('{kms_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
+credential_file = format('/etc/ranger/{repo_name}/cred.jceks')
+
+if has_ranger_admin:
+ policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url']
+ if 'admin-properties' in config['configurations'] and 'policymgr_external_url' in config['configurations']['admin-properties'] and policymgr_mgr_url.endswith('/'):
+ policymgr_mgr_url = policymgr_mgr_url.rstrip('/')
+ xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+ xa_audit_db_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
+ xa_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+ xa_audit_db_password = ''
+ if not is_empty(config['configurations']['admin-properties']['audit_db_password']) and stack_supports_ranger_audit_db:
+ xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password']
+ xa_db_host = config['configurations']['admin-properties']['db_host']
+
+ admin_uname = config['configurations']['ranger-env']['admin_username']
+ admin_password = config['configurations']['ranger-env']['admin_password']
+ ambari_ranger_admin = config['configurations']['ranger-env']['ranger_admin_username']
+ ambari_ranger_password = config['configurations']['ranger-env']['ranger_admin_password']
+ admin_uname_password = format("{admin_uname}:{admin_password}")
+ ranger_audit_solr_urls = config['configurations']['ranger-admin-site']['ranger.audit.solr.urls']
+
+default_connectors_map = { "mssql":"sqljdbc4.jar",
+ "mysql":"mysql-connector-java.jar",
+ "postgres":"postgresql-jdbc.jar",
+ "oracle":"ojdbc.jar",
+ "sqla":"sajdbc4.jar"}
+
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = None
+previous_jdbc_jar_name = None
+if db_flavor == 'mysql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
+ db_jdbc_url = format('jdbc:log4jdbc:mysql://{db_host}/{db_name}')
+ db_jdbc_driver = "com.mysql.jdbc.Driver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform"
+elif db_flavor == 'oracle':
+ jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
+ colon_count = db_host.count(':')
+ if colon_count == 2 or colon_count == 0:
+ db_jdbc_url = format('jdbc:oracle:thin:@{db_host}')
+ else:
+ db_jdbc_url = format('jdbc:oracle:thin:@//{db_host}')
+ db_jdbc_driver = "oracle.jdbc.OracleDriver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform"
+elif db_flavor == 'postgres':
+ jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
+ db_jdbc_url = format('jdbc:postgresql://{db_host}/{db_name}')
+ db_jdbc_driver = "org.postgresql.Driver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
+elif db_flavor == 'mssql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
+ db_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={db_name}')
+ db_jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform"
+elif db_flavor == 'sqla':
+ jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
+ db_jdbc_url = format('jdbc:sqlanywhere:database={db_name};host={db_host}')
+ db_jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLAnywherePlatform"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
+previous_jdbc_jar = format("{kms_home}/ews/webapp/lib/{previous_jdbc_jar_name}")
+ews_lib_jar_path = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}")
+
+if db_flavor == 'sqla':
+ downloaded_custom_connector = format("{tmp_dir}/sqla-client-jdbc.tar.gz")
+ jar_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/java/sajdbc4.jar")
+ libs_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/native/lib64/*")
+ jdbc_libs_dir = format("{kms_home}/native/lib64")
+ ld_library_path = format("{jdbc_libs_dir}")
+
+if has_ranger_admin:
+ xa_previous_jdbc_jar_name = None
+ if stack_supports_ranger_audit_db:
+ if xa_audit_db_flavor == 'mysql':
+ jdbc_jar = default("/hostLevelParams/custom_mysql_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}')
+ jdbc_driver = "com.mysql.jdbc.Driver"
+ elif xa_audit_db_flavor == 'oracle':
+ jdbc_jar = default("/hostLevelParams/custom_oracle_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
+ colon_count = xa_db_host.count(':')
+ if colon_count == 2 or colon_count == 0:
+ audit_jdbc_url = format('jdbc:oracle:thin:@{xa_db_host}')
+ else:
+ audit_jdbc_url = format('jdbc:oracle:thin:@//{xa_db_host}')
+ jdbc_driver = "oracle.jdbc.OracleDriver"
+ elif xa_audit_db_flavor == 'postgres':
+ jdbc_jar = default("/hostLevelParams/custom_postgres_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}')
+ jdbc_driver = "org.postgresql.Driver"
+ elif xa_audit_db_flavor == 'mssql':
+ jdbc_jar = default("/hostLevelParams/custom_mssql_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}')
+ jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"
+ elif xa_audit_db_flavor == 'sqla':
+ jdbc_jar = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
+ xa_previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlanywhere:database={xa_audit_db_name};host={xa_db_host}')
+ jdbc_driver = "sap.jdbc4.sqlanywhere.IDriver"
+
+ downloaded_connector_path = format("{tmp_dir}/{jdbc_jar}") if stack_supports_ranger_audit_db else None
+ driver_source = format("{jdk_location}/{jdbc_jar}") if stack_supports_ranger_audit_db else None
+ driver_target = format("{kms_home}/ews/webapp/lib/{jdbc_jar}") if stack_supports_ranger_audit_db else None
+ xa_previous_jdbc_jar = format("{kms_home}/ews/webapp/lib/{previous_jdbc_jar_name}") if stack_supports_ranger_audit_db else None
+
+repo_config_username = config['configurations']['kms-properties']['REPOSITORY_CONFIG_USERNAME']
+repo_config_password = unicode(config['configurations']['kms-properties']['REPOSITORY_CONFIG_PASSWORD'])
+
+kms_plugin_config = {
+ 'username' : repo_config_username,
+ 'password' : repo_config_password,
+ 'provider' : format('kms://http@{kms_host}:{kms_port}/kms')
+}
+
+xa_audit_db_is_enabled = False
+if stack_supports_ranger_audit_db:
+ xa_audit_db_is_enabled = config['configurations']['ranger-kms-audit']['xasecure.audit.destination.db']
+ssl_keystore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password'])
+ssl_truststore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password'])
+
+#For SQLA explicitly disable audit to DB for Ranger
+if xa_audit_db_flavor == 'sqla':
+ xa_audit_db_is_enabled = False
+
+current_host = config['hostname']
+ranger_kms_hosts = config['clusterHostInfo']['ranger_kms_server_hosts']
+if current_host in ranger_kms_hosts:
+ kms_host = current_host
+
+check_db_connection_jar_name = "DBConnectionVerification.jar"
+check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}")
+ranger_kms_jdbc_connection_url = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.url']
+ranger_kms_jdbc_driver = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.driver']
+
+jce_name = default("/hostLevelParams/jce_name", None)
+jce_source_dir = format('{tmp_dir}/jce_dir')
+
+#kms hsm support
+enable_kms_hsm = default("/configurations/dbks-site/ranger.ks.hsm.enabled", False)
+hms_partition_alias = default("/configurations/dbks-site/ranger.ks.hsm.partition.password.alias", "ranger.kms.hsm.partition.password")
+hms_partition_passwd = default("/configurations/kms-env/hsm_partition_password", None)
+
+# kms kerberos from stack 2.5 onward
+rangerkms_bare_principal = 'rangerkms'
+
+if stack_supports_ranger_kerberos:
+ if security_enabled:
+ rangerkms_principal = config['configurations']['dbks-site']['ranger.ks.kerberos.principal']
+ rangerkms_keytab = config['configurations']['dbks-site']['ranger.ks.kerberos.keytab']
+ if not is_empty(rangerkms_principal) and rangerkms_principal != '':
+ rangerkms_bare_principal = get_bare_principal(rangerkms_principal)
+ rangerkms_principal = rangerkms_principal.replace('_HOST', kms_host.lower())
+ kms_plugin_config['policy.download.auth.users'] = format('keyadmin,{rangerkms_bare_principal}')
+
+custom_ranger_service_config = generate_ranger_service_config(config['configurations']['kms-properties'])
+if len(custom_ranger_service_config) > 0:
+ kms_plugin_config.update(custom_ranger_service_config)
+
+kms_ranger_plugin_repo = {
+ 'isEnabled' : 'true',
+ 'configs' : kms_plugin_config,
+ 'description' : 'kms repo',
+ 'name' : repo_name,
+ 'type' : 'kms'
+}
+
+# ranger kms pid
+user_group = config['configurations']['cluster-env']['user_group']
+ranger_kms_pid_dir = default("/configurations/kms-env/ranger_kms_pid_dir", "/var/run/ranger_kms")
+ranger_kms_pid_file = format('{ranger_kms_pid_dir}/rangerkms.pid')
+
+if security_enabled:
+ spengo_keytab = config['configurations']['kms-site']['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab']
+ spnego_principal = config['configurations']['kms-site']['hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal']
+ spnego_principal = spnego_principal.replace('_HOST', current_host.lower())
+
+plugin_audit_password_property = 'xasecure.audit.destination.db.password'
+kms_plugin_password_properties = ['xasecure.policymgr.clientssl.keystore.password', 'xasecure.policymgr.clientssl.truststore.password']
+dbks_site_password_properties = ['ranger.db.encrypt.key.password', 'ranger.ks.jpa.jdbc.password', 'ranger.ks.hsm.partition.password']
+ranger_kms_site_password_properties = ['ranger.service.https.attrib.keystore.pass']
+ranger_kms_cred_ssl_path = config['configurations']['ranger-kms-site']['ranger.credential.provider.path']
+ranger_kms_ssl_keystore_alias = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.keystore.credential.alias']
+ranger_kms_ssl_passwd = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.keystore.pass']
+ranger_kms_ssl_enabled = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.ssl.enabled']
+
+xa_audit_hdfs_is_enabled = default("/configurations/ranger-kms-audit/xasecure.audit.destination.hdfs", False)
+namenode_host = default("/clusterHostInfo/namenode_host", [])
+
+# need this to capture cluster name from where ranger kms plugin is enabled
+cluster_name = config['clusterName']
+
+has_namenode = len(namenode_host) > 0
+
+hdfs_user = default("/configurations/hadoop-env/hdfs_user", None)
+hdfs_user_keytab = default("/configurations/hadoop-env/hdfs_user_keytab", None)
+hdfs_principal_name = default("/configurations/hadoop-env/hdfs_principal_name", None)
+default_fs = default("/configurations/core-site/fs.defaultFS", None)
+hdfs_site = config['configurations']['hdfs-site'] if has_namenode else None
+hadoop_bin_dir = stack_select.get_hadoop_dir("bin") if has_namenode else None
+kinit_path_local = get_kinit_path(default('/configurations/kerberos-env/executable_search_paths', None))
+
+import functools
+# create partial functions with common arguments for every HdfsResource call
+# to create/delete hdfs directory/file/copyfromlocal we need to call params.HdfsResource in code
+HdfsResource = functools.partial(
+ HdfsResource,
+ user=hdfs_user,
+ security_enabled = security_enabled,
+ keytab = hdfs_user_keytab,
+ kinit_path_local = kinit_path_local,
+ hadoop_bin_dir = hadoop_bin_dir,
+ hadoop_conf_dir = hadoop_conf_dir,
+ principal_name = hdfs_principal_name,
+ hdfs_site = hdfs_site,
+ default_fs = default_fs
+)
+
+local_component_list = default("/localComponents", [])
+has_hdfs_client_on_node = 'HDFS_CLIENT' in local_component_list
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/service_check.py
new file mode 100644
index 0000000..84e4e73
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/service_check.py
@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from resource_management.core.exceptions import ComponentIsNotRunning
+
+
+class KmsServiceCheck(Script):
+ def service_check(self, env):
+ import params
+
+ env.set_params(params)
+ cmd = 'ps -ef | grep proc_rangerkms | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+ if code == 0:
+ Logger.info('KMS process up and running')
+ else:
+ Logger.debug('KMS process not running')
+ raise ComponentIsNotRunning()
+
+if __name__ == "__main__":
+ KmsServiceCheck().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/status_params.py
new file mode 100644
index 0000000..34d0082
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/status_params.py
@@ -0,0 +1,36 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions import StackFeature
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+
+stack_name = default("/hostLevelParams/stack_name", None)
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KMS_PID_SUPPORT, stack_version_formatted)
+ranger_kms_pid_dir = default("/configurations/kms-env/ranger_kms_pid_dir", "/var/run/ranger_kms")
+ranger_kms_pid_file = format('{ranger_kms_pid_dir}/rangerkms.pid')
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/upgrade.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/upgrade.py
new file mode 100644
index 0000000..8478bb8
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/scripts/upgrade.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.resources.system import Execute
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions.format import format
+
+def prestart(env, stack_component):
+ import params
+
+ if params.version and params.stack_supports_config_versioning:
+ conf_select.select(params.stack_name, stack_component, params.version)
+ stack_select.select(stack_component, params.version)
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/templates/input.config-ranger-kms.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/templates/input.config-ranger-kms.json.j2 b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/templates/input.config-ranger-kms.json.j2
new file mode 100644
index 0000000..306fade
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/package/templates/input.config-ranger-kms.json.j2
@@ -0,0 +1,48 @@
+{#
+ # Licensed to the Apache Software Foundation (ASF) under one
+ # or more contributor license agreements. See the NOTICE file
+ # distributed with this work for additional information
+ # regarding copyright ownership. The ASF licenses this file
+ # to you under the Apache License, Version 2.0 (the
+ # "License"); you may not use this file except in compliance
+ # with the License. You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #}
+{
+ "input":[
+ {
+ "type":"ranger_kms",
+ "rowtype":"service",
+ "path":"{{default('/configurations/kms-env/kms_log_dir', '/var/log/ranger/kms')}}/kms.log"
+ }
+ ],
+ "filter":[
+ {
+ "filter":"grok",
+ "conditions":{
+ "fields":{
+ "type":[
+ "ranger_kms"
+ ]
+ }
+ },
+ "log4j_format":"%d{ISO8601} %-5p %c{1} - %m%n",
+ "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})",
+ "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
+ "post_map_values":{
+ "logtime":{
+ "map_date":{
+ "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS"
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/role_command_order.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/role_command_order.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/role_command_order.json
new file mode 100644
index 0000000..7ddab41
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/role_command_order.json
@@ -0,0 +1,7 @@
+{
+ "general_deps" : {
+ "_comment" : "dependencies for RANGER-KMS",
+ "RANGER_KMS_SERVER-START" : ["RANGER_ADMIN-START", "NAMENODE-START"],
+ "RANGER_KMS_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_KMS_SERVER-START"]
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/service_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/service_advisor.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/service_advisor.py
new file mode 100644
index 0000000..b81e05b
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/service_advisor.py
@@ -0,0 +1,358 @@
+#!/usr/bin/env ambari-python-wrap
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+# Python imports
+import imp
+import os
+import traceback
+import re
+import socket
+import fnmatch
+
+
+from resource_management.core.logger import Logger
+
+SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
+STACKS_DIR = os.path.join(SCRIPT_DIR, '../../../stacks/')
+PARENT_FILE = os.path.join(STACKS_DIR, 'service_advisor.py')
+
+try:
+ with open(PARENT_FILE, 'rb') as fp:
+ service_advisor = imp.load_module('service_advisor', fp, PARENT_FILE, ('.py', 'rb', imp.PY_SOURCE))
+except Exception as e:
+ traceback.print_exc()
+ print "Failed to load parent"
+
+DB_TYPE_DEFAULT_PORT_MAP = {"MYSQL":"3306", "ORACLE":"1521", "POSTGRES":"5432", "MSSQL":"1433", "SQLA":"2638"}
+
+class Ranger_KMSServiceAdvisor(service_advisor.ServiceAdvisor):
+
+ def __init__(self, *args, **kwargs):
+ self.as_super = super(Ranger_KMSServiceAdvisor, self)
+ self.as_super.__init__(*args, **kwargs)
+
+ # Always call these methods
+ self.modifyMastersWithMultipleInstances()
+ self.modifyCardinalitiesDict()
+ self.modifyHeapSizeProperties()
+ self.modifyNotValuableComponents()
+ self.modifyComponentsNotPreferableOnServer()
+ self.modifyComponentLayoutSchemes()
+
+ def modifyMastersWithMultipleInstances(self):
+ """
+ Modify the set of masters with multiple instances.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyCardinalitiesDict(self):
+ """
+ Modify the dictionary of cardinalities.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyHeapSizeProperties(self):
+ """
+ Modify the dictionary of heap size properties.
+ Must be overriden in child class.
+ """
+ pass
+
+ def modifyNotValuableComponents(self):
+ """
+ Modify the set of components whose host assignment is based on other services.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyComponentsNotPreferableOnServer(self):
+ """
+ Modify the set of components that are not preferable on the server.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyComponentLayoutSchemes(self):
+ """
+ Modify layout scheme dictionaries for components.
+ The scheme dictionary basically maps the number of hosts to
+ host index where component should exist.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def getServiceComponentLayoutValidations(self, services, hosts):
+ """
+ Get a list of errors.
+ Must be overriden in child class.
+ """
+
+ return []
+
+ def getServiceConfigurationRecommendations(self, configurations, clusterData, services, hosts):
+ """
+ Entry point.
+ Must be overriden in child class.
+ """
+ # Logger.info("Class: %s, Method: %s. Recommending Service Configurations." %
+ # (self.__class__.__name__, inspect.stack()[0][3]))
+
+ recommender = RangerKMSRecommender()
+ recommender.recommendRangerKMSConfigurationsFromHDP23(configurations, clusterData, services, hosts)
+ recommender.recommendRangerKMSConfigurationsFromHDP25(configurations, clusterData, services, hosts)
+ recommender.recommendRangerKMSConfigurationsFromHDP26(configurations, clusterData, services, hosts)
+
+ def getServiceConfigurationsValidationItems(self, configurations, recommendedDefaults, services, hosts):
+ """
+ Entry point.
+ Validate configurations for the service. Return a list of errors.
+ The code for this function should be the same for each Service Advisor.
+ """
+ # Logger.info("Class: %s, Method: %s. Validating Configurations." %
+ # (self.__class__.__name__, inspect.stack()[0][3]))
+
+ validator = RangerKMSValidator()
+ # Calls the methods of the validator using arguments,
+ # method(siteProperties, siteRecommendations, configurations, services, hosts)
+ return validator.validateListOfConfigUsingMethod(configurations, recommendedDefaults, services, hosts, validator.validators)
+
+class RangerKMSRecommender(service_advisor.ServiceAdvisor):
+ """
+ RangerKMS Recommender suggests properties when adding the service for the first time or modifying configs via the UI.
+ """
+
+ def __init__(self, *args, **kwargs):
+ self.as_super = super(RangerKMSRecommender, self)
+ self.as_super.__init__(*args, **kwargs)
+
+ def recommendRangerKMSConfigurationsFromHDP23(self, configurations, clusterData, services, hosts):
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ putRangerKmsDbksProperty = self.putProperty(configurations, "dbks-site", services)
+ putRangerKmsProperty = self.putProperty(configurations, "kms-properties", services)
+ kmsEnvProperties = self.getSiteProperties(services['configurations'], 'kms-env')
+ putCoreSiteProperty = self.putProperty(configurations, "core-site", services)
+ putCoreSitePropertyAttribute = self.putPropertyAttribute(configurations, "core-site")
+ putRangerKmsAuditProperty = self.putProperty(configurations, "ranger-kms-audit", services)
+ security_enabled = self.isSecurityEnabled(services)
+ putRangerKmsSiteProperty = self.putProperty(configurations, "kms-site", services)
+ putRangerKmsSitePropertyAttribute = self.putPropertyAttribute(configurations, "kms-site")
+
+ if 'kms-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['kms-properties']['properties']):
+
+ rangerKmsDbFlavor = services['configurations']["kms-properties"]["properties"]["DB_FLAVOR"]
+
+ if ('db_host' in services['configurations']['kms-properties']['properties']) and ('db_name' in services['configurations']['kms-properties']['properties']):
+
+ rangerKmsDbHost = services['configurations']["kms-properties"]["properties"]["db_host"]
+ rangerKmsDbName = services['configurations']["kms-properties"]["properties"]["db_name"]
+
+ ranger_kms_db_url_dict = {
+ 'MYSQL': {'ranger.ks.jpa.jdbc.driver': 'com.mysql.jdbc.Driver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + '/' + rangerKmsDbName},
+ 'ORACLE': {'ranger.ks.jpa.jdbc.driver': 'oracle.jdbc.driver.OracleDriver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost, rangerKmsDbName)},
+ 'POSTGRES': {'ranger.ks.jpa.jdbc.driver': 'org.postgresql.Driver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + '/' + rangerKmsDbName},
+ 'MSSQL': {'ranger.ks.jpa.jdbc.driver': 'com.microsoft.sqlserver.jdbc.SQLServerDriver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + ';databaseName=' + rangerKmsDbName},
+ 'SQLA': {'ranger.ks.jpa.jdbc.driver': 'sap.jdbc4.sqlanywhere.IDriver',
+ 'ranger.ks.jpa.jdbc.url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + ';database=' + rangerKmsDbName}
+ }
+
+ rangerKmsDbProperties = ranger_kms_db_url_dict.get(rangerKmsDbFlavor, ranger_kms_db_url_dict['MYSQL'])
+ for key in rangerKmsDbProperties:
+ putRangerKmsDbksProperty(key, rangerKmsDbProperties.get(key))
+
+ if kmsEnvProperties and self.checkSiteProperties(kmsEnvProperties, 'kms_user') and 'KERBEROS' in servicesList:
+ kmsUser = kmsEnvProperties['kms_user']
+ kmsUserOld = self.getOldValue(services, 'kms-env', 'kms_user')
+ self.put_proxyuser_value(kmsUser, '*', is_groups=True, services=services, configurations=configurations, put_function=putCoreSiteProperty)
+ if kmsUserOld is not None and kmsUser != kmsUserOld:
+ putCoreSitePropertyAttribute("hadoop.proxyuser.{0}.groups".format(kmsUserOld), 'delete', 'true')
+ services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(kmsUserOld)})
+ services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(kmsUser)})
+
+ if "HDFS" in servicesList:
+ if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
+ default_fs = services['configurations']['core-site']['properties']['fs.defaultFS']
+ putRangerKmsAuditProperty('xasecure.audit.destination.hdfs.dir', '{0}/{1}/{2}'.format(default_fs,'ranger','audit'))
+
+ required_services = [{'service' : 'YARN', 'config-type': 'yarn-env', 'property-name': 'yarn_user', 'proxy-category': ['hosts', 'users', 'groups']},
+ {'service' : 'SPARK', 'config-type': 'livy-env', 'property-name': 'livy_user', 'proxy-category': ['hosts', 'users', 'groups']}]
+
+ required_services_for_secure = [{'service' : 'HIVE', 'config-type': 'hive-env', 'property-name': 'hive_user', 'proxy-category': ['hosts', 'users']},
+ {'service' : 'OOZIE', 'config-type': 'oozie-env', 'property-name': 'oozie_user', 'proxy-category': ['hosts', 'users']}]
+
+ if security_enabled:
+ required_services.extend(required_services_for_secure)
+
+ # recommendations for kms proxy related properties
+ self.recommendKMSProxyUsers(configurations, services, hosts, required_services)
+
+ ambari_user = self.getAmbariUser(services)
+ if security_enabled:
+ # adding for ambari user
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.users'.format(ambari_user), '*')
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.hosts'.format(ambari_user), '*')
+ # adding for HTTP
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.HTTP.users', '*')
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.HTTP.hosts', '*')
+ else:
+ self.deleteKMSProxyUsers(configurations, services, hosts, required_services_for_secure)
+ # deleting ambari user proxy properties
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.hosts'.format(ambari_user), 'delete', 'true')
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.users'.format(ambari_user), 'delete', 'true')
+ # deleting HTTP proxy properties
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.HTTP.hosts', 'delete', 'true')
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.HTTP.users', 'delete', 'true')
+
+ def recommendRangerKMSConfigurationsFromHDP25(self, configurations, clusterData, services, hosts):
+
+ security_enabled = self.isSecurityEnabled(services)
+ required_services = [{'service' : 'RANGER', 'config-type': 'ranger-env', 'property-name': 'ranger_user', 'proxy-category': ['hosts', 'users', 'groups']}]
+
+ if security_enabled:
+ # recommendations for kms proxy related properties
+ self.recommendKMSProxyUsers(configurations, services, hosts, required_services)
+ else:
+ self.deleteKMSProxyUsers(configurations, services, hosts, required_services)
+
+ def recommendRangerKMSConfigurationsFromHDP26(self, configurations, clusterData, services, hosts):
+ putRangerKmsEnvProperty = self.putProperty(configurations, "kms-env", services)
+
+ ranger_kms_ssl_enabled = False
+ ranger_kms_ssl_port = "9393"
+ if 'ranger-kms-site' in services['configurations'] and 'ranger.service.https.attrib.ssl.enabled' in services['configurations']['ranger-kms-site']['properties']:
+ ranger_kms_ssl_enabled = services['configurations']['ranger-kms-site']['properties']['ranger.service.https.attrib.ssl.enabled'].lower() == "true"
+
+ if 'ranger-kms-site' in services['configurations'] and 'ranger.service.https.port' in services['configurations']['ranger-kms-site']['properties']:
+ ranger_kms_ssl_port = services['configurations']['ranger-kms-site']['properties']['ranger.service.https.port']
+
+ if ranger_kms_ssl_enabled:
+ putRangerKmsEnvProperty("kms_port", ranger_kms_ssl_port)
+ else:
+ putRangerKmsEnvProperty("kms_port", "9292")
+
+ def getDBConnectionHostPort(self, db_type, db_host):
+ connection_string = ""
+ if db_type is None or db_type == "":
+ return connection_string
+ else:
+ colon_count = db_host.count(':')
+ if colon_count == 0:
+ if DB_TYPE_DEFAULT_PORT_MAP.has_key(db_type):
+ connection_string = db_host + ":" + DB_TYPE_DEFAULT_PORT_MAP[db_type]
+ else:
+ connection_string = db_host
+ elif colon_count == 1:
+ connection_string = db_host
+ elif colon_count == 2:
+ connection_string = db_host
+
+ return connection_string
+
+ def getOracleDBConnectionHostPort(self, db_type, db_host, rangerDbName):
+ connection_string = self.getDBConnectionHostPort(db_type, db_host)
+ colon_count = db_host.count(':')
+ if colon_count == 1 and '/' in db_host:
+ connection_string = "//" + connection_string
+ elif colon_count == 0 or colon_count == 1:
+ connection_string = "//" + connection_string + "/" + rangerDbName if rangerDbName else "//" + connection_string
+
+ return connection_string
+
+ def recommendKMSProxyUsers(self, configurations, services, hosts, requiredServices):
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ putRangerKmsSiteProperty = self.putProperty(configurations, "kms-site", services)
+ putRangerKmsSitePropertyAttribute = self.putPropertyAttribute(configurations, "kms-site")
+
+ if 'forced-configurations' not in services:
+ services["forced-configurations"] = []
+
+ for index in range(len(requiredServices)):
+ service = requiredServices[index]['service']
+ config_type = requiredServices[index]['config-type']
+ property_name = requiredServices[index]['property-name']
+ proxy_category = requiredServices[index]['proxy-category']
+
+ if service in servicesList:
+ if config_type in services['configurations'] and property_name in services['configurations'][config_type]['properties']:
+ service_user = services['configurations'][config_type]['properties'][property_name]
+ service_old_user = self.getOldValue(services, config_type, property_name)
+
+ if 'groups' in proxy_category:
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.groups'.format(service_user), '*')
+ if 'hosts' in proxy_category:
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.hosts'.format(service_user), '*')
+ if 'users' in proxy_category:
+ putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.users'.format(service_user), '*')
+
+ if service_old_user is not None and service_user != service_old_user:
+ if 'groups' in proxy_category:
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.groups'.format(service_old_user), 'delete', 'true')
+ services["forced-configurations"].append({"type" : "kms-site", "name" : "hadoop.kms.proxyuser.{0}.groups".format(service_old_user)})
+ services["forced-configurations"].append({"type" : "kms-site", "name" : "hadoop.kms.proxyuser.{0}.groups".format(service_user)})
+ if 'hosts' in proxy_category:
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.hosts'.format(service_old_user), 'delete', 'true')
+ services["forced-configurations"].append({"type" : "kms-site", "name" : "hadoop.kms.proxyuser.{0}.hosts".format(service_old_user)})
+ services["forced-configurations"].append({"type" : "kms-site", "name" : "hadoop.kms.proxyuser.{0}.hosts".format(service_user)})
+ if 'users' in proxy_category:
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.users'.format(service_old_user), 'delete', 'true')
+ services["forced-configurations"].append({"type" : "kms-site", "name" : "hadoop.kms.proxyuser.{0}.users".format(service_old_user)})
+ services["forced-configurations"].append({"type" : "kms-site", "name" : "hadoop.kms.proxyuser.{0}.users".format(service_user)})
+
+ def deleteKMSProxyUsers(self, configurations, services, hosts, requiredServices):
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ putRangerKmsSitePropertyAttribute = self.putPropertyAttribute(configurations, "kms-site")
+
+ for index in range(len(requiredServices)):
+ service = requiredServices[index]['service']
+ config_type = requiredServices[index]['config-type']
+ property_name = requiredServices[index]['property-name']
+ proxy_category = requiredServices[index]['proxy-category']
+
+ if service in servicesList:
+ if config_type in services['configurations'] and property_name in services['configurations'][config_type]['properties']:
+ service_user = services['configurations'][config_type]['properties'][property_name]
+
+ if 'groups' in proxy_category:
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.groups'.format(service_user), 'delete', 'true')
+ if 'hosts' in proxy_category:
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.hosts'.format(service_user), 'delete', 'true')
+ if 'users' in proxy_category:
+ putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.users'.format(service_user), 'delete', 'true')
+
+class RangerKMSValidator(service_advisor.ServiceAdvisor):
+ """
+ RangerKMS Validator checks the correctness of properties whenever the service is first added or the user attempts to
+ change configs via the UI.
+ """
+
+ def __init__(self, *args, **kwargs):
+ self.as_super = super(RangerKMSValidator, self)
+ self.as_super.__init__(*args, **kwargs)
+
+ self.validators = []
[11/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_2.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_2.json
deleted file mode 100644
index cbd27e4..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_2.json
+++ /dev/null
@@ -1,1470 +0,0 @@
-{
- "name": "default",
- "description": "Default theme for Ranger service",
- "configuration": {
- "layouts": [
- {
- "name": "default",
- "tabs": [
- {
- "name": "ranger_admin_settings",
- "display-name": "Ranger Admin",
- "layout": {
- "tab-columns": "2",
- "tab-rows": "2",
- "sections": [
- {
- "name": "section-ranger-admin",
- "display-name": "Ranger Admin",
- "row-index": "0",
- "column-index": "0",
- "row-span": "3",
- "column-span": "2",
- "section-columns": "2",
- "section-rows": "3",
- "subsections": [
- {
- "name": "subsection-ranger-db-row1-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-ranger-db-row1-col2",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-ranger-db-row2",
- "row-index": "1",
- "column-index": "0",
- "row-span": "1",
- "column-span": "2"
- },
- {
- "name": "subsection-ranger-db-root-user-col1",
- "row-index": "2",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/create_db_dbuser"
- ],
- "if": "${ranger-env/create_db_dbuser}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "name": "subsection-ranger-db-root-user-col2",
- "row-index": "2",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/create_db_dbuser"
- ],
- "if": "${ranger-env/create_db_dbuser}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- }
- ]
- }
- ]
- }
- },
- {
- "name": "ranger_user_info",
- "display-name": "Ranger User Info",
- "layout": {
- "tab-columns": "1",
- "tab-rows": "1",
- "sections": [
- {
- "name": "section-user-info",
- "display-name": "Ranger User Info",
- "row-index": "0",
- "column-index": "0",
- "row-span": "2",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "2",
- "subsections": [
- {
- "name": "subsection-ranger-user-row1-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-ranger-user-row2-col1",
- "row-index": "1",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "subsection-tabs": [
- {
- "name": "ldap-common-configs",
- "display-name": "Common Configs",
- "depends-on": [
- {
- "configs": [
- "ranger-ugsync-site/ranger.usersync.source.impl.class"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "name": "ldap-user-configs",
- "display-name": "User Configs",
- "depends-on": [
- {
- "configs": [
- "ranger-ugsync-site/ranger.usersync.source.impl.class"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "name": "ldap-group-configs",
- "display-name": "Group Configs",
- "depends-on": [
- {
- "configs": [
- "ranger-ugsync-site/ranger.usersync.source.impl.class"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- }
- ],
- "depends-on": [
- {
- "configs": [
- "ranger-ugsync-site/ranger.usersync.enabled"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.enabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- }
- ]
- }
- ]
- }
- },
- {
- "name": "ranger_plugin",
- "display-name": "Ranger Plugin",
- "layout": {
- "tab-columns": "1",
- "tab-rows": "1",
- "sections": [
- {
- "name": "section-ranger-plugin",
- "display-name": "Ranger Plugin",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "3",
- "section-columns": "3",
- "section-rows": "1",
- "subsections": [
- {
- "name": "section-ranger-plugin-row1-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "section-ranger-plugin-row1-col2",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "section-ranger-plugin-row1-col3",
- "row-index": "0",
- "column-index": "2",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- }
- ]
- }
- },
- {
- "name": "ranger_audit_settings",
- "display-name": "Ranger Audit",
- "layout": {
- "tab-columns": "2",
- "tab-rows": "2",
- "sections": [
- {
- "name": "section-ranger-audit-solr",
- "display-name": "Audit to Solr",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-solr-row1-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- },
- {
- "name": "section-ranger-audit-hdfs",
- "display-name": "Audit to HDFS",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-hdfs-row1-col2",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- },
- {
- "name": "section-ranger-audit-db",
- "display-name": "Audit to DB",
- "row-index": "1",
- "column-index": "0",
- "row-span": "1",
- "column-span": "2",
- "section-columns": "2",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-audit-db-row2-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-ranger-audit-db-row2-col2",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- }
- ]
- }
- }
- ]
- }
- ],
- "placement": {
- "configuration-layout": "default",
- "configs": [
- {
- "config": "admin-properties/DB_FLAVOR",
- "subsection-name": "subsection-ranger-db-row1-col1"
- },
- {
- "config": "admin-properties/db_name",
- "subsection-name": "subsection-ranger-db-row1-col1"
- },
- {
- "config": "admin-properties/db_user",
- "subsection-name": "subsection-ranger-db-row1-col1"
- },
- {
- "config": "ranger-admin-site/ranger.jpa.jdbc.url",
- "subsection-name": "subsection-ranger-db-row1-col1"
- },
- {
- "config": "admin-properties/db_host",
- "subsection-name": "subsection-ranger-db-row1-col2"
- },
- {
- "config": "ranger-admin-site/ranger.jpa.jdbc.driver",
- "subsection-name": "subsection-ranger-db-row1-col2"
- },
- {
- "config": "admin-properties/db_password",
- "subsection-name": "subsection-ranger-db-row1-col2"
- },
- {
- "config": "ranger-env/test_db_connection",
- "subsection-name": "subsection-ranger-db-row2",
- "property_value_attributes": {
- "ui_only_property": true
- },
- "depends-on": [
- {
- "configs":[
- "ranger-env/create_db_dbuser"
- ],
- "if": "${ranger-env/create_db_dbuser}",
- "then": {
- "property_value_attributes": {
- "visible": false
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": true
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/create_db_dbuser",
- "subsection-name": "subsection-ranger-db-row2"
- },
- {
- "config": "admin-properties/db_root_user",
- "subsection-name": "subsection-ranger-db-root-user-col1"
- },
- {
- "config": "ranger-env/ranger_privelege_user_jdbc_url",
- "subsection-name": "subsection-ranger-db-root-user-col1"
- },
- {
- "config": "admin-properties/db_root_password",
- "subsection-name": "subsection-ranger-db-root-user-col2"
- },
- {
- "config": "ranger-env/test_root_db_connection",
- "subsection-name": "subsection-ranger-db-root-user-col1",
- "property_value_attributes": {
- "ui_only_property": true
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.enabled",
- "subsection-name": "subsection-ranger-user-row1-col1"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.source.impl.class",
- "subsection-name": "subsection-ranger-user-row2-col1"
- },
-
- {
- "config": "ranger-ugsync-site/ranger.usersync.unix.minUserId",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.source.impl.class"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.UnixUserGroupBuilder",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.unix.password.file",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.source.impl.class"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.UnixUserGroupBuilder",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.unix.group.file",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.source.impl.class"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.UnixUserGroupBuilder",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.filesource.file",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.source.impl.class"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.filesource.text.delimiter",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.source.impl.class"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.url",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs"
- },
- {
- "config": "ranger-env/bind_anonymous",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.binddn",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-env/bind_anonymous"
- ],
- "if": "${ranger-env/bind_anonymous}",
- "then": {
- "property_value_attributes": {
- "visible": false
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": true
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.ldapbindpassword",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-env/bind_anonymous"
- ],
- "if": "${ranger-env/bind_anonymous}",
- "then": {
- "property_value_attributes": {
- "visible": false
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": true
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.nameattribute",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.objectclass",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchbase",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchfilter",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchscope",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.groupnameattribute",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.usermapsyncenabled",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.searchenabled",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-group-configs"
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.memberattributename",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-group-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.group.searchenabled"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.nameattribute",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-group-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.group.searchenabled"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.objectclass",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-group-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.group.searchenabled"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.searchbase",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-group-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.group.searchenabled"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.searchfilter",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-group-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.group.searchenabled"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-hdfs-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col1",
- "depends-on": [
- {
- "resource": "service",
- "if": "HDFS",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-yarn-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col1",
- "depends-on": [
- {
- "resource": "service",
- "if": "YARN",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-hive-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col1",
- "depends-on": [
- {
- "resource": "service",
- "if": "HIVE",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-hbase-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col2",
- "depends-on": [
- {
- "resource": "service",
- "if": "HBASE",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-storm-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col2",
- "depends-on": [
- {
- "resource": "service",
- "if": "STORM",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-knox-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col3",
- "depends-on": [
- {
- "resource": "service",
- "if": "KNOX",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-kafka-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col3",
- "depends-on": [
- {
- "resource": "service",
- "if": "KAFKA",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/xasecure.audit.destination.db",
- "subsection-name": "subsection-ranger-audit-db-row2-col1"
- },
- {
- "config": "admin-properties/audit_db_user",
- "subsection-name": "subsection-ranger-audit-db-row2-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.db"
- ],
- "if": "${ranger-env/xasecure.audit.destination.db}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "admin-properties/audit_db_name",
- "subsection-name": "subsection-ranger-audit-db-row2-col2",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.db"
- ],
- "if": "${ranger-env/xasecure.audit.destination.db}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "admin-properties/audit_db_password",
- "subsection-name": "subsection-ranger-audit-db-row2-col2",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.db"
- ],
- "if": "${ranger-env/xasecure.audit.destination.db}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/xasecure.audit.destination.solr",
- "subsection-name": "subsection-ranger-solr-row1-col1"
- },
- {
- "config": "ranger-env/is_solrCloud_enabled",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.urls",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/is_solrCloud_enabled",
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/is_solrCloud_enabled} === false && ${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/is_solrCloud_enabled",
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/is_solrCloud_enabled} && ${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.username",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.password",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs",
- "subsection-name": "subsection-ranger-hdfs-row1-col2"
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
- "subsection-name": "subsection-ranger-hdfs-row1-col2",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.hdfs"
- ],
- "if": "${ranger-env/xasecure.audit.destination.hdfs}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- }
- ]
- },
- "widgets": [
- {
- "config": "admin-properties/DB_FLAVOR",
- "widget": {
- "type": "combo"
- }
- },
- {
- "config": "admin-properties/db_user",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/db_name",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-admin-site/ranger.jpa.jdbc.url",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-admin-site/ranger.jpa.jdbc.driver",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/db_host",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/db_password",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "ranger-env/test_db_connection",
- "widget": {
- "type": "test-db-connection",
- "display-name": "Test Connection",
- "required-properties": {
- "jdbc.driver.class": "ranger-admin-site/ranger.jpa.jdbc.driver",
- "jdbc.driver.url": "ranger-admin-site/ranger.jpa.jdbc.url",
- "db.connection.source.host": "ranger-site/ranger_admin_hosts",
- "db.type": "admin-properties/DB_FLAVOR",
- "db.connection.destination.host": "admin-properties/db_host",
- "db.connection.user": "admin-properties/db_user",
- "db.connection.password": "admin-properties/db_password"
- }
- }
- },
- {
- "config": "ranger-env/create_db_dbuser",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger_privelege_user_jdbc_url",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/db_root_user",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/db_root_password",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "ranger-env/test_root_db_connection",
- "widget": {
- "type": "test-db-connection",
- "display-name": "Test Connection",
- "required-properties": {
- "jdbc.driver.class": "ranger-admin-site/ranger.jpa.jdbc.driver",
- "jdbc.driver.url": "ranger-env/ranger_privelege_user_jdbc_url",
- "db.connection.source.host": "ranger-site/ranger_admin_hosts",
- "db.type": "admin-properties/DB_FLAVOR",
- "db.connection.destination.host": "admin-properties/db_host",
- "db.connection.user": "admin-properties/db_root_user",
- "db.connection.password": "admin-properties/db_root_password"
- }
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.source.impl.class",
- "widget": {
- "type": "combo"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.url",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-env/bind_anonymous",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.binddn",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.ldapbindpassword",
- "widget": {
- "type": "password"
- }
- },
-
- {
- "config": "ranger-ugsync-site/ranger.usersync.enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.usermapsyncenabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.nameattribute",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.objectclass",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchbase",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchfilter",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchscope",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.user.groupnameattribute",
- "widget": {
- "type": "text-field"
- }
- },
-
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.searchenabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.memberattributename",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.nameattribute",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.objectclass",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.searchbase",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.searchfilter",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.unix.minUserId",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.unix.password.file",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.unix.group.file",
- "widget": {
- "type": "text-field"
- }
- },
-
- {
- "config": "ranger-ugsync-site/ranger.usersync.filesource.file",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.filesource.text.delimiter",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-env/ranger-hdfs-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-hive-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-hbase-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-kafka-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-knox-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-storm-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-yarn-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.db",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "admin-properties/audit_db_user",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/audit_db_name",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/audit_db_password",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.solr",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/is_solrCloud_enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.urls",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.username",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.password",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
- "widget": {
- "type": "text-field"
- }
- }
- ]
- }
-}
-
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_3.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_3.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_3.json
deleted file mode 100644
index cbe28a3..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_3.json
+++ /dev/null
@@ -1,692 +0,0 @@
-{
- "configuration": {
- "layouts": [
- {
- "name": "default",
- "tabs": [
- {
- "name": "ranger_audit_settings",
- "display-name": "Ranger Audit",
- "layout": {
- "tab-columns": "2",
- "tab-rows": "2",
- "sections": [
- {
- "name": "section-ranger-audit-solr",
- "display-name": "Audit to Solr",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-solr-row1-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- },
- {
- "name": "section-ranger-audit-hdfs",
- "display-name": "Audit to HDFS",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-hdfs-row1-col2",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- }
- ]
- }
- },
- {
- "name": "ranger_tagsync",
- "display-name": "Ranger Tagsync",
- "layout": {
- "tab-columns": "2",
- "tab-rows": "2",
- "sections": [
- {
- "name": "section-tagsync-atlas",
- "display-name": "Atlas Tag Source",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-tagsync-row1-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- },
- {
- "name": "section-tagsync-atlasrest",
- "display-name": "AtlasRest Tag Source",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-tagsync-row1-col2",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- },
- {
- "name": "section-tagsync-file",
- "display-name": "File Tag Source",
- "row-index": "1",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-tagsync-row2-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- }
- ]
- }
- }
- ]
- }
- ],
- "placement": {
- "configuration-layout": "default",
- "configs": [
- {
- "config": "ranger-env/ranger-atlas-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col2",
- "depends-on": [
- {
- "resource": "service",
- "if": "ATLAS",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.atlas",
- "subsection-name": "subsection-ranger-tagsync-row1-col1"
- },
- {
- "config": "tagsync-application-properties/atlas.kafka.bootstrap.servers",
- "subsection-name": "subsection-ranger-tagsync-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-tagsync-site/ranger.tagsync.source.atlas"
- ],
- "if": "${ranger-tagsync-site/ranger.tagsync.source.atlas}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "tagsync-application-properties/atlas.kafka.zookeeper.connect",
- "subsection-name": "subsection-ranger-tagsync-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-tagsync-site/ranger.tagsync.source.atlas"
- ],
- "if": "${ranger-tagsync-site/ranger.tagsync.source.atlas}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "tagsync-application-properties/atlas.kafka.entities.group.id",
- "subsection-name": "subsection-ranger-tagsync-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-tagsync-site/ranger.tagsync.source.atlas"
- ],
- "if": "${ranger-tagsync-site/ranger.tagsync.source.atlas}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest",
- "subsection-name": "subsection-ranger-tagsync-row1-col2"
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.endpoint",
- "subsection-name": "subsection-ranger-tagsync-row1-col2",
- "depends-on": [
- {
- "configs":[
- "ranger-tagsync-site/ranger.tagsync.source.atlasrest"
- ],
- "if": "${ranger-tagsync-site/ranger.tagsync.source.atlasrest}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.download.interval.millis",
- "subsection-name": "subsection-ranger-tagsync-row1-col2",
- "depends-on": [
- {
- "configs":[
- "ranger-tagsync-site/ranger.tagsync.source.atlasrest"
- ],
- "if": "${ranger-tagsync-site/ranger.tagsync.source.atlasrest}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.file",
- "subsection-name": "subsection-ranger-tagsync-row2-col1"
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.file.check.interval.millis",
- "subsection-name": "subsection-ranger-tagsync-row2-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-tagsync-site/ranger.tagsync.source.file"
- ],
- "if": "${ranger-tagsync-site/ranger.tagsync.source.file}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.file.filename",
- "subsection-name": "subsection-ranger-tagsync-row2-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-tagsync-site/ranger.tagsync.source.file"
- ],
- "if": "${ranger-tagsync-site/ranger.tagsync.source.file}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.user.searchenabled",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.group.search.first.enabled"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.group.search.first.enabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.search.first.enabled",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-group-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-ugsync-site/ranger.usersync.group.searchenabled"
- ],
- "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/xasecure.audit.destination.solr",
- "subsection-name": "subsection-ranger-solr-row1-col1"
- },
- {
- "config": "ranger-env/is_solrCloud_enabled",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/is_external_solrCloud_enabled",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.solr",
- "ranger-env/is_solrCloud_enabled"
- ],
- "if": "${ranger-env/xasecure.audit.destination.solr} && ${ranger-env/is_solrCloud_enabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/is_external_solrCloud_kerberos",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.solr",
- "ranger-env/is_solrCloud_enabled",
- "ranger-env/is_external_solrCloud_enabled"
- ],
- "if": "${ranger-env/xasecure.audit.destination.solr} && ${ranger-env/is_solrCloud_enabled} && ${ranger-env/is_external_solrCloud_enabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.urls",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/is_solrCloud_enabled",
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/is_solrCloud_enabled} === false && ${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/is_solrCloud_enabled",
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/is_solrCloud_enabled} && ${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.username",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.password",
- "subsection-name": "subsection-ranger-solr-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.solr"
- ],
- "if": "${ranger-env/xasecure.audit.destination.solr}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs",
- "subsection-name": "subsection-ranger-hdfs-row1-col2"
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
- "subsection-name": "subsection-ranger-hdfs-row1-col2",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.hdfs"
- ],
- "if": "${ranger-env/xasecure.audit.destination.hdfs}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- }
- ]
- },
- "widgets": [
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.file.check.interval.millis",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.file.filename",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.download.interval.millis",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.endpoint",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "tagsync-application-properties/atlas.kafka.entities.group.id",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "tagsync-application-properties/atlas.kafka.bootstrap.servers",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "tagsync-application-properties/atlas.kafka.zookeeper.connect",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.atlas",
- "widget": {
- "type": "checkbox"
- }
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest",
- "widget": {
- "type": "checkbox"
- }
- },
- {
- "config": "ranger-tagsync-site/ranger.tagsync.source.file",
- "widget": {
- "type": "checkbox"
- }
- },
- {
- "config": "ranger-env/ranger-atlas-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.user.searchenabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-ugsync-site/ranger.usersync.group.search.first.enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.solr",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/is_solrCloud_enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/is_external_solrCloud_enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/is_external_solrCloud_kerberos",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.urls",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.username",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-admin-site/ranger.audit.solr.password",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
- "widget": {
- "type": "text-field"
- }
- }
- ]
- }
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_5.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_5.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_5.json
deleted file mode 100644
index 8068a38..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_5.json
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "configuration": {
- "placement": {
- "configuration-layout": "default",
- "configs": [
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.deltasync",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs"
- },
- {
- "config": "ranger-env/ranger-nifi-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col1",
- "depends-on": [
- {
- "resource": "service",
- "if": "NIFI",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- }
- ]
- },
- "widgets": [
- {
- "config": "ranger-ugsync-site/ranger.usersync.ldap.deltasync",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-nifi-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- }
- ]
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/alerts.json
new file mode 100644
index 0000000..ab473a8
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/alerts.json
@@ -0,0 +1,76 @@
+{
+ "RANGER": {
+ "service": [],
+ "RANGER_ADMIN": [
+ {
+ "name": "ranger_admin_process",
+ "label": "Ranger Admin Process",
+ "description": "This host-level alert is triggered if the Ranger Admin Web UI is unreachable.",
+ "interval": 1,
+ "scope": "ANY",
+ "source": {
+ "type": "WEB",
+ "uri": {
+ "http": "{{admin-properties/policymgr_external_url}}/login.jsp",
+ "https": "{{admin-properties/policymgr_external_url}}/login.jsp",
+ "kerberos_keytab": "{{cluster-env/smokeuser_keytab}}",
+ "kerberos_principal": "{{cluster-env/smokeuser_principal_name}}",
+ "https_property": "{{ranger-admin-site/ranger.service.https.attrib.ssl.enabled}}",
+ "https_property_value": "true",
+ "connection_timeout": 5.0
+ },
+ "reporting": {
+ "ok": {
+ "text": "HTTP {0} response in {2:.3f}s"
+ },
+ "warning": {
+ "text": "HTTP {0} response from {1} in {2:.3f}s ({3})"
+ },
+ "critical": {
+ "text": "Connection failed to {1} ({3})"
+ }
+ }
+ }
+ },
+ {
+ "name": "ranger_admin_password_check",
+ "label": "Ranger Admin password check",
+ "description": "This alert is used to ensure that the Ranger Admin password in Ambari is correct.",
+ "interval": 30,
+ "scope": "ANY",
+ "source": {
+ "type": "SCRIPT",
+ "path": "RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py",
+ "parameters": []
+ }
+ }
+ ],
+ "RANGER_USERSYNC": [
+ {
+ "name": "ranger_usersync_process",
+ "label": "Ranger Usersync Process",
+ "description": "This host-level alert is triggered if the Ranger Usersync cannot be determined to be up.",
+ "interval": 1,
+ "scope": "HOST",
+ "source": {
+ "type": "PORT",
+ "uri": "{{ranger-ugsync-site/ranger.usersync.port}}",
+ "default_port": 5151,
+ "reporting": {
+ "ok": {
+ "text": "TCP OK - {0:.3f}s response on port {1}"
+ },
+ "warning": {
+ "text": "TCP OK - {0:.3f}s response on port {1}",
+ "value": 1.5
+ },
+ "critical": {
+ "text": "Connection failed: {0} to {1}:{2}",
+ "value": 5.0
+ }
+ }
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/admin-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/admin-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/admin-log4j.xml
new file mode 100644
index 0000000..281c7ce
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/admin-log4j.xml
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_xa_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_xa_log_maxbackupindex</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>admin-log4j template</display-name>
+ <description>admin-log4j.properties</description>
+ <value>
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+log4j.rootLogger = warn,xa_log_appender
+
+
+# xa_logger
+log4j.appender.xa_log_appender=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.xa_log_appender.file=${logdir}/xa_portal.log
+log4j.appender.xa_log_appender.datePattern='.'yyyy-MM-dd
+log4j.appender.xa_log_appender.append=true
+log4j.appender.xa_log_appender.layout=org.apache.log4j.PatternLayout
+log4j.appender.xa_log_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n
+log4j.appender.xa_log_appender.MaxFileSize={{ranger_xa_log_maxfilesize}}MB
+log4j.appender.xa_log_appender.MaxBackupIndex={{ranger_xa_log_maxbackupindex}}
+
+# xa_log_appender : category and additivity
+log4j.category.org.springframework=warn,xa_log_appender
+log4j.additivity.org.springframework=false
+
+log4j.category.org.apache.ranger=info,xa_log_appender
+log4j.additivity.org.apache.ranger=false
+
+log4j.category.xa=info,xa_log_appender
+log4j.additivity.xa=false
+
+# perf_logger
+log4j.appender.perf_appender=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.perf_appender.file=${logdir}/ranger_admin_perf.log
+log4j.appender.perf_appender.datePattern='.'yyyy-MM-dd
+log4j.appender.perf_appender.append=true
+log4j.appender.perf_appender.layout=org.apache.log4j.PatternLayout
+log4j.appender.perf_appender.layout.ConversionPattern=%d [%t] %m%n
+
+
+# sql_appender
+log4j.appender.sql_appender=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.sql_appender.file=${logdir}/xa_portal_sql.log
+log4j.appender.sql_appender.datePattern='.'yyyy-MM-dd
+log4j.appender.sql_appender.append=true
+log4j.appender.sql_appender.layout=org.apache.log4j.PatternLayout
+log4j.appender.sql_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n
+
+# sql_appender : category and additivity
+log4j.category.org.hibernate.SQL=warn,sql_appender
+log4j.additivity.org.hibernate.SQL=false
+
+log4j.category.jdbc.sqlonly=fatal,sql_appender
+log4j.additivity.jdbc.sqlonly=false
+
+log4j.category.jdbc.sqltiming=warn,sql_appender
+log4j.additivity.jdbc.sqltiming=false
+
+log4j.category.jdbc.audit=fatal,sql_appender
+log4j.additivity.jdbc.audit=false
+
+log4j.category.jdbc.resultset=fatal,sql_appender
+log4j.additivity.jdbc.resultset=false
+
+log4j.category.jdbc.connection=fatal,sql_appender
+log4j.additivity.jdbc.connection=false
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/admin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/admin-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/admin-properties.xml
new file mode 100644
index 0000000..e76546f
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/admin-properties.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false">
+ <property>
+ <name>SQL_CONNECTOR_JAR</name>
+ <value>{{driver_curl_target}}</value>
+ <display-name>Location of Sql Connector Jar</display-name>
+ <description>Location of DB client library (please check the location of the jar file)</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false" update="false"/>
+ </property>
+ <property>
+ <name>db_root_user</name>
+ <value>root</value>
+ <display-name>Database Administrator (DBA) username</display-name>
+ <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property require-input="true">
+ <name>db_root_password</name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <display-name>Database Administrator (DBA) password</display-name>
+ <description>Database password for the database admin username</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_host</name>
+ <value/>
+ <display-name>Ranger DB host</display-name>
+ <description>Database host</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_name</name>
+ <value>ranger</value>
+ <display-name>Ranger DB name</display-name>
+ <description>Database name</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_user</name>
+ <value>rangeradmin</value>
+ <display-name>Ranger DB username</display-name>
+ <description>Database username used for the Ranger schema</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property require-input="true">
+ <name>db_password</name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <display-name>Ranger DB password</display-name>
+ <description>Database password for the Ranger schema</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>DB_FLAVOR</name>
+ <value>MYSQL</value>
+ <display-name>DB FLAVOR</display-name>
+ <description>The database type to be used (mysql/oracle)</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>MYSQL</value>
+ <label>MYSQL</label>
+ </entry>
+ <entry>
+ <value>ORACLE</value>
+ <label>ORACLE</label>
+ </entry>
+ <entry>
+ <value>POSTGRES</value>
+ <label>POSTGRES</label>
+ </entry>
+ <entry>
+ <value>MSSQL</value>
+ <label>MSSQL</label>
+ </entry>
+ <entry>
+ <value>SQLA</value>
+ <label>SQL Anywhere</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>policymgr_external_url</name>
+ <value/>
+ <display-name>External URL</display-name>
+ <description>Policy Manager external url eg: http://RANGER_HOST:6080</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.service.http.enabled</name>
+ </property>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.service.http.port</name>
+ </property>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.service.https.port</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
[16/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml
deleted file mode 100644
index 5e60c06..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-site.xml
+++ /dev/null
@@ -1,206 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_final="true">
- <property>
- <name>ranger.tagsync.logdir</name>
- <value>/var/log/ranger/tagsync</value>
- <description>Ranger Log dir</description>
- <value-attributes>
- <type>directory</type>
- <overridable>false</overridable>
- <editable-only-at-install>true</editable-only-at-install>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.dest.ranger.endpoint</name>
- <value>{{ranger_external_url}}</value>
- <description>Ranger TagAdmin REST URL</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.source.atlas</name>
- <display-name>Enable Atlas Tag Source</display-name>
- <value>false</value>
- <description/>
- <value-attributes>
- <type>boolean</type>
- </value-attributes>
- <depends-on>
- <property>
- <type>application-properties</type>
- <name>atlas.server.bind.address</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.source.atlasrest</name>
- <display-name>Enable AtlasRest Tag Source</display-name>
- <value>false</value>
- <description/>
- <value-attributes>
- <type>boolean</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.source.file</name>
- <display-name>Enable File Tag Source</display-name>
- <value>false</value>
- <description/>
- <value-attributes>
- <type>boolean</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.source.file.check.interval.millis</name>
- <display-name>File Source: File update polling interval</display-name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.source.atlasrest.download.interval.millis</name>
- <display-name>AtlasREST Source: Atlas source download interval</display-name>
- <value>60000</value>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.tagsync.source.file.filename</name>
- <display-name>File Source: Filename</display-name>
- <value/>
- <description>File Source Filename</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.tagsync.source.atlasrest.endpoint</name>
- <display-name>AtlasREST Source: Atlas endpoint</display-name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- <depends-on>
- <property>
- <type>application-properties</type>
- <name>atlas.server.http.port</name>
- </property>
- <property>
- <type>application-properties</type>
- <name>atlas.server.https.port</name>
- </property>
- <property>
- <type>application-properties</type>
- <name>atlas.enableTLS</name>
- </property>
- </depends-on>
- </property>
- <property>
- <name>ranger.tagsync.kerberos.principal</name>
- <value/>
- <description/>
- <property-type>KERBEROS_PRINCIPAL</property-type>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.kerberos.keytab</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.dest.ranger.username</name>
- <value>rangertagsync</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.tagsync.source.atlasrest.username</name>
- <value>admin</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.tagsync.atlas.default.cluster.name</name>
- <value>{{cluster_name}}</value>
- <description>Capture cluster name</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.tagsync.keystore.filename</name>
- <value>/usr/hdp/current/ranger-tagsync/conf/rangertagsync.jceks</value>
- <description>Keystore file</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.source.atlasrest.keystore.filename</name>
- <value>/usr/hdp/current/ranger-tagsync/conf/atlasuser.jceks</value>
- <description>Tagsync atlasrest keystore file</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.dest.ranger.ssl.config.filename</name>
- <value>{{stack_root}}/current/ranger-tagsync/conf/ranger-policymgr-ssl.xml</value>
- <description>Keystore and truststore information used for tagsync, required if tagsync -> ranger admin communication is SSL enabled</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.tagsync.source.atlasrest.ssl.config.filename</name>
- <value>{{stack_root}}/current/ranger-tagsync/conf/atlas-tagsync-ssl.xml</value>
- <description>Keystore and truststore information used for tagsync, required if tagsync to atlas communication is SSL enabled</description>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-ugsync-site.xml
deleted file mode 100644
index 922fbd8..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-ugsync-site.xml
+++ /dev/null
@@ -1,577 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<configuration supports_final="true">
- <property>
- <name>ranger.usersync.port</name>
- <value>5151</value>
- <description>Port for unix authentication service, run within usersync</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ssl</name>
- <value>true</value>
- <description>SSL enabled? (ranger admin -> usersync communication)</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.usersync.keystore.password</name>
- <value>UnIx529p</value>
- <property-type>PASSWORD</property-type>
- <description>Keystore password</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.usersync.truststore.password</name>
- <value>changeit</value>
- <property-type>PASSWORD</property-type>
- <description>Truststore password</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.passwordvalidator.path</name>
- <value>./native/credValidator.uexe</value>
- <description>Native program for password validation</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.enabled</name>
- <display-name>Enable User Sync</display-name>
- <value>true</value>
- <description>Should users and groups be synchronized to Ranger Database? Required to setup Ranger policies</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.sink.impl.class</name>
- <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
- <description>Class to be used as sink (to sync users into ranger admin)</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.policymanager.baseURL</name>
- <value>{{ranger_external_url}}</value>
- <description>URL to be used by clients to access ranger admin, use FQDN</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
- <value>1000</value>
- <description>How many records to be returned per API call</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.policymanager.mockrun</name>
- <value>false</value>
- <description>Is user sync doing mock run?</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.unix.minUserId</name>
- <display-name>Minimum User ID</display-name>
- <value>500</value>
- <description>Only sync users above this user id (applicable for UNIX)</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.unix.group.file</name>
- <display-name>Group File</display-name>
- <value>/etc/group</value>
- <description>Location of the groups file on the linux server</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.unix.password.file</name>
- <display-name>Password File</display-name>
- <value>/etc/passwd</value>
- <description>Location of the password file on the linux server</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
- <value>60000</value>
- <description>Sleeptime interval in milliseconds, if < 6000 then default to 1 min</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.source.impl.class</name>
- <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
- <display-name>Sync Source</display-name>
- <description>For Ldap: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder, For Unix: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder, org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</description>
- <value-attributes>
- <type>value-list</type>
- <empty-value-valid>true</empty-value-valid>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
- <label>UNIX</label>
- </entry>
- <entry>
- <value>org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</value>
- <label>FILE</label>
- </entry>
- <entry>
- <value>org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder</value>
- <label>LDAP/AD</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.filesource.file</name>
- <display-name>File Name</display-name>
- <value>/tmp/usergroup.txt</value>
- <description>Path to the file with the users and groups information. Example: /tmp/usergroup.json or /tmp/usergroup.csv or /tmp/usergroup.txt</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.filesource.text.delimiter</name>
- <display-name>Delimiter</display-name>
- <value>,</value>
- <description>Delimiter used in file, if File based user sync is used</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.url</name>
- <display-name>LDAP/AD URL</display-name>
- <value/>
- <description>LDAP server URL. Example: value = ldap://localhost:389 or ldaps//localhost:636</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.binddn</name>
- <display-name>​Bind User</display-name>
- <value/>
- <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. This user is used for searching the users. This could be read-only LDAP user. Example: cn=admin,dc=example,dc=com</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.ldapbindpassword</name>
- <display-name>Bind User Password</display-name>
- <value/>
- <property-type>PASSWORD</property-type>
- <description>Password for the LDAP bind user used for searching users.</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.bindalias</name>
- <value>testldapalias</value>
- <description>Set as ranger.usersync.ldap.bindalias (string as is)</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.usersync.ldap.searchBase</name>
- <value>dc=hadoop,dc=apache,dc=org</value>
- <description>"# search base for users and groups
-# sample value would be dc=hadoop,dc=apache,dc=org
-# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated"</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.user.searchbase</name>
- <display-name>User Search Base</display-name>
- <value/>
- <description>"# search base for users
-# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
-# overrides value specified in ranger.usersync.ldap.searchBase
-# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: cn=users,dc=example,dc=com;ou=example1,ou=example2"</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.user.searchscope</name>
- <display-name>User Search Scope</display-name>
- <value>sub</value>
- <description>"# search scope for the users, only base, one and sub are supported values
-# please customize the value to suit your deployment
-# default value: sub"</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.user.objectclass</name>
- <display-name>User Object Class​</display-name>
- <value>person</value>
- <description>LDAP User Object Class. Example: person or user</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.user.searchfilter</name>
- <display-name>​User Search Filter</display-name>
- <value/>
- <description>"optional additional filter constraining the users selected for syncing
-# a sample value would be (dept=eng)
-# please customize the value to suit your deployment
-# default value is empty"</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.user.nameattribute</name>
- <display-name>Username Attribute</display-name>
- <value/>
- <description>LDAP user name attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.referral</name>
- <value>ignore</value>
- <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.user.groupnameattribute</name>
- <display-name>User Group Name Attribute</display-name>
- <value>memberof, ismemberof</value>
- <description>LDAP user group name attribute. Generally it is the same as username attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.username.caseconversion</name>
- <value>none</value>
- <description>User name case conversion</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.groupname.caseconversion</name>
- <value>none</value>
- <description>Group name case conversion</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.logdir</name>
- <value>{{usersync_log_dir}}</value>
- <description>User sync log directory</description>
- <value-attributes>
- <visible>false</visible>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.usersync.group.usermapsyncenabled</name>
- <value>true</value>
- <display-name>Group User Map Sync</display-name>
- <description>Sync specific groups for users?</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.group.searchbase</name>
- <display-name>Group Search Base</display-name>
- <value/>
- <description>"# search base for groups
-# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
-# overrides value specified in ranger.usersync.ldap.searchBase, ranger.usersync.ldap.user.searchbase
-# if a value is not specified, takes the value of ranger.usersync.ldap.searchBase
-# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"
-# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: ou=groups,DC=example,DC=com;ou=group1,ou=group2"
-</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.group.searchscope</name>
- <value/>
- <description>"# search scope for the groups, only base, one and sub are supported values
-# please customize the value to suit your deployment
-# default value: sub"</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.group.objectclass</name>
- <display-name>Group Object Class</display-name>
- <value/>
- <description>LDAP Group object class. Example: group</description>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.usersync.group.searchfilter</name>
- <value/>
- <display-name>Group Search Filter</display-name>
- <description>"# optional additional filter constraining the groups selected for syncing
-# a sample value would be (dept=eng)
-# please customize the value to suit your deployment
-# default value is empty"</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.group.nameattribute</name>
- <display-name>Group Name Attribute</display-name>
- <value/>
- <description>LDAP group name attribute. Example: cn</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.group.memberattributename</name>
- <display-name>Group Member Attribute</display-name>
- <value/>
- <description>LDAP group member attribute name. Example: member</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.pagedresultsenabled</name>
- <value>true</value>
- <description>Results can be paged?</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.pagedresultssize</name>
- <value>500</value>
- <description>Page size</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.usersync.kerberos.principal</name>
- <value/>
- <description/>
- <property-type>KERBEROS_PRINCIPAL</property-type>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.kerberos.keytab</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.policymgr.username</name>
- <value>rangerusersync</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.policymgr.alias</name>
- <value>ranger.usersync.policymgr.password</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.usersync.group.search.first.enabled</name>
- <display-name>Enable Group Search First</display-name>
- <value>false</value>
- <description/>
- <value-attributes>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.user.searchenabled</name>
- <display-name>Enable User Search</display-name>
- <value>false</value>
- <description/>
- <value-attributes>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.deltasync</name>
- <display-name>Incremental Sync</display-name>
- <value>true</value>
- <description>Enable Incremental Sync</description>
- <value-attributes>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.usersync.group.searchenabled</name>
- <display-name>Enable Group Sync</display-name>
- <value>false</value>
- <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes
- # valid values: true, false
- # any value other than true would be treated as false
- # default value: false"</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <depends-on>
- <property>
- <type>ranger-ugsync-site</type>
- <name>ranger.usersync.ldap.deltasync</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.keystore.file</name>
- <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
- <description>Keystore file used for usersync</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.truststore.file</name>
- <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
- <description>Truststore used for usersync, required if usersync -> ranger admin communication is SSL enabled</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.ldap.bindkeystore</name>
- <value/>
- <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.credstore.filename</name>
- <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
- <description>Credential store file name for user sync, specify full path</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.usersync.policymgr.keystore</name>
- <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-application-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-application-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-application-properties.xml
deleted file mode 100644
index f616324..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-application-properties.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>atlas.kafka.entities.group.id</name>
- <display-name>Atlas Source: Kafka consumer group</display-name>
- <value>ranger_entities_consumer</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>atlas.kafka.bootstrap.servers</name>
- <display-name>Atlas Source: Kafka endpoint</display-name>
- <value>localhost:6667</value>
- <description/>
- <depends-on>
- <property>
- <type>kafka-broker</type>
- <name>port</name>
- </property>
- </depends-on>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>atlas.kafka.zookeeper.connect</name>
- <display-name>Atlas Source: Zookeeper endpoint</display-name>
- <value>localhost:2181</value>
- <description/>
- <depends-on>
- <property>
- <type>zoo.cfg</type>
- <name>clientPort</name>
- </property>
- </depends-on>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-log4j.xml
deleted file mode 100644
index 8ec85a0..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/tagsync-log4j.xml
+++ /dev/null
@@ -1,90 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_adding_forbidden="false">
- <property>
- <name>ranger_tagsync_log_maxfilesize</name>
- <value>256</value>
- <description>The maximum size of backup file before the log is rotated</description>
- <display-name>Ranger tagsync Log: backup file size</display-name>
- <value-attributes>
- <unit>MB</unit>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_tagsync_log_number_of_backup_files</name>
- <value>20</value>
- <description>The number of backup files</description>
- <display-name>Ranger tagsync Log: # of backup files</display-name>
- <value-attributes>
- <type>int</type>
- <minimum>0</minimum>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>content</name>
- <display-name>tagsync-log4j template</display-name>
- <description>tagsync-log4j.properties</description>
- <value>
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-
-log4j.rootLogger = info,logFile
-
-# logFile
-log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.logFile.file=${logdir}/tagsync.log
-log4j.appender.logFile.datePattern='.'yyyy-MM-dd
-log4j.appender.logFile.layout=org.apache.log4j.PatternLayout
-log4j.appender.logFile.MaxFileSize = {{ranger_tagsync_log_maxfilesize}}MB
-log4j.appender.logFile.MaxBackupIndex = {{ranger_tagsync_log_number_of_backup_files}}
-log4j.appender.logFile.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n
-
-# console
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.Target=System.out
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n
- </value>
- <value-attributes>
- <type>content</type>
- <show-property-name>false</show-property-name>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-log4j.xml
deleted file mode 100644
index 6d91b6e..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-log4j.xml
+++ /dev/null
@@ -1,89 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_adding_forbidden="false">
- <property>
- <name>ranger_usersync_log_maxfilesize</name>
- <value>256</value>
- <description>The maximum size of backup file before the log is rotated</description>
- <display-name>Ranger usersync Log: backup file size</display-name>
- <value-attributes>
- <unit>MB</unit>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_usersync_log_maxbackupindex</name>
- <value>20</value>
- <description>The number of backup files</description>
- <display-name>Ranger usersync Log: # of backup files</display-name>
- <value-attributes>
- <type>int</type>
- <minimum>0</minimum>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>content</name>
- <display-name>usersync-log4j template</display-name>
- <description>usersync-log4j.properties</description>
- <value>
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-log4j.rootLogger = info,logFile
-
-# logFile
-log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.logFile.file=${logdir}/usersync.log
-log4j.appender.logFile.datePattern='.'yyyy-MM-dd
-log4j.appender.logFile.layout=org.apache.log4j.PatternLayout
-log4j.appender.logFile.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n
-log4j.appender.logFile.MaxFileSize = {{ranger_usersync_log_maxfilesize}}MB
-log4j.appender.logFile.MaxBackupIndex = {{ranger_usersync_log_maxbackupindex}}
-
-# console
-log4j.appender.console=org.apache.log4j.ConsoleAppender
-log4j.appender.console.Target=System.out
-log4j.appender.console.layout=org.apache.log4j.PatternLayout
-log4j.appender.console.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n
- </value>
- <value-attributes>
- <type>content</type>
- <show-property-name>false</show-property-name>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-properties.xml
deleted file mode 100644
index 15aabe8..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/usersync-properties.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_final="false">
-
-
-
-
-
-
-
-
-
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/kerberos.json
deleted file mode 100644
index 1fc8acf..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/kerberos.json
+++ /dev/null
@@ -1,153 +0,0 @@
-{
- "services": [
- {
- "name": "RANGER",
- "identities": [
- {
- "name": "/spnego"
- },
- {
- "name": "/smokeuser"
- }
- ],
- "configurations": [
- {
- "ranger-admin-site": {
- "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
- "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
- "xasecure.audit.jaas.Client.option.useKeyTab": "true",
- "xasecure.audit.jaas.Client.option.storeKey": "false",
- "xasecure.audit.jaas.Client.option.serviceName": "solr"
- }
- }
- ],
- "components": [
- {
- "name": "RANGER_ADMIN",
- "identities": [
- {
- "name": "rangeradmin",
- "principal": {
- "value": "rangeradmin/_HOST@${realm}",
- "type" : "service",
- "configuration": "ranger-admin-site/ranger.admin.kerberos.principal",
- "local_username" : "${ranger-env/ranger_user}"
- },
- "keytab": {
- "file": "${keytab_dir}/rangeradmin.service.keytab",
- "owner": {
- "name": "${ranger-env/ranger_user}",
- "access": "r"
- },
- "configuration": "ranger-admin-site/ranger.admin.kerberos.keytab"
- }
- },
- {
- "name": "rangerlookup",
- "principal": {
- "value": "rangerlookup/_HOST@${realm}",
- "configuration": "ranger-admin-site/ranger.lookup.kerberos.principal",
- "type" : "service"
- },
- "keytab": {
- "file": "${keytab_dir}/rangerlookup.service.keytab",
- "owner": {
- "name": "${ranger-env/ranger_user}",
- "access": "r"
- },
- "configuration": "ranger-admin-site/ranger.lookup.kerberos.keytab"
- }
- },
- {
- "name": "/spnego",
- "keytab": {
- "configuration": "ranger-admin-site/ranger.spnego.kerberos.keytab"
- }
- },
- {
- "name": "/RANGER/RANGER_ADMIN/rangeradmin",
- "principal": {
- "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.principal"
- },
- "keytab": {
- "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.keyTab"
- }
- },
- {
- "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
- "when" : {
- "contains" : ["services", "AMBARI_INFRA"]
- }
- }
- ]
- },
- {
- "name": "RANGER_USERSYNC",
- "identities": [
- {
- "name": "rangerusersync",
- "principal": {
- "value": "rangerusersync/_HOST@${realm}",
- "type" : "service",
- "configuration" : "ranger-ugsync-site/ranger.usersync.kerberos.principal",
- "local_username" : "rangerusersync"
- },
- "keytab": {
- "file": "${keytab_dir}/rangerusersync.service.keytab",
- "owner": {
- "name": "${ranger-env/ranger_user}",
- "access": "r"
- },
- "configuration": "ranger-ugsync-site/ranger.usersync.kerberos.keytab"
- }
- }
- ]
- },
- {
- "name": "RANGER_TAGSYNC",
- "identities": [
- {
- "name": "rangertagsync",
- "principal": {
- "value": "rangertagsync/_HOST@${realm}",
- "type" : "service",
- "configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.principal",
- "local_username" : "rangertagsync"
- },
- "keytab": {
- "file": "${keytab_dir}/rangertagsync.service.keytab",
- "owner": {
- "name": "${ranger-env/ranger_user}",
- "access": "r"
- },
- "configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.keytab"
- }
- },
- {
- "name": "/RANGER/RANGER_TAGSYNC/rangertagsync",
- "principal": {
- "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.principal"
- },
- "keytab": {
- "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.keyTab"
- }
- }
- ],
- "configurations": [
- {
- "tagsync-application-properties": {
- "atlas.jaas.KafkaClient.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
- "atlas.jaas.KafkaClient.loginModuleControlFlag": "required",
- "atlas.jaas.KafkaClient.option.useKeyTab": "true",
- "atlas.jaas.KafkaClient.option.storeKey": "true",
- "atlas.jaas.KafkaClient.option.serviceName": "kafka",
- "atlas.kafka.sasl.kerberos.service.name": "kafka",
- "atlas.kafka.security.protocol": "PLAINTEXTSASL"
- }
- }
- ]
- }
- ]
- }
- ]
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/metainfo.xml
deleted file mode 100644
index e208800..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/metainfo.xml
+++ /dev/null
@@ -1,189 +0,0 @@
-<?xml version="1.0"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<metainfo>
- <schemaVersion>2.0</schemaVersion>
- <services>
- <service>
- <name>RANGER</name>
- <displayName>Ranger</displayName>
- <comment>Comprehensive security for Hadoop</comment>
- <version>0.7.0.3.0</version>
- <components>
-
- <component>
- <name>RANGER_ADMIN</name>
- <displayName>Ranger Admin</displayName>
- <category>MASTER</category>
- <cardinality>1+</cardinality>
- <versionAdvertised>true</versionAdvertised>
- <dependencies>
- <dependency>
- <name>AMBARI_INFRA/INFRA_SOLR_CLIENT</name>
- <scope>host</scope>
- <auto-deploy>
- <enabled>true</enabled>
- </auto-deploy>
- </dependency>
- </dependencies>
- <commandScript>
- <script>scripts/ranger_admin.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>600</timeout>
- </commandScript>
- <logs>
- <log>
- <logId>ranger_admin</logId>
- <primary>true</primary>
- </log>
- <log>
- <logId>ranger_dbpatch</logId>
- </log>
- </logs>
- </component>
-
- <component>
- <name>RANGER_TAGSYNC</name>
- <displayName>Ranger Tagsync</displayName>
- <category>SLAVE</category>
- <cardinality>0-1</cardinality>
- <versionAdvertised>true</versionAdvertised>
- <commandScript>
- <script>scripts/ranger_tagsync.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>600</timeout>
- </commandScript>
- <configuration-dependencies>
- <config-type>ranger-tagsync-site</config-type>
- <config-type>tagsync-application-properties</config-type>
- </configuration-dependencies>
- </component>
-
- <component>
- <name>RANGER_USERSYNC</name>
- <displayName>Ranger Usersync</displayName>
- <category>MASTER</category>
- <cardinality>1</cardinality>
- <versionAdvertised>true</versionAdvertised>
- <auto-deploy>
- <enabled>true</enabled>
- <co-locate>RANGER/RANGER_ADMIN</co-locate>
- </auto-deploy>
- <commandScript>
- <script>scripts/ranger_usersync.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>600</timeout>
- </commandScript>
- <logs>
- <log>
- <logId>ranger_usersync</logId>
- <primary>true</primary>
- </log>
- </logs>
- </component>
-
- </components>
- <configuration-dependencies>
- <config-type>admin-properties</config-type>
- <config-type>ranger-site</config-type>
- <config-type>usersync-properties</config-type>
- <config-type>ranger-admin-site</config-type>
- <config-type>ranger-ugsync-site</config-type>
- <config-type>admin-log4j</config-type>
- <config-type>usersync-log4j</config-type>
- <config-type>ranger-solr-configuration</config-type>
- </configuration-dependencies>
-
- <commandScript>
- <script>scripts/service_check.py</script>
- <scriptType>PYTHON</scriptType>
- <timeout>300</timeout>
- </commandScript>
-
- <themes>
- <theme>
- <fileName>theme_version_1.json</fileName>
- <default>true</default>
- </theme>
- <theme>
- <fileName>theme_version_2.json</fileName>
- <default>true</default>
- </theme>
- <theme>
- <fileName>theme_version_3.json</fileName>
- <default>true</default>
- </theme>
- <theme>
- <fileName>theme_version_5.json</fileName>
- <default>true</default>
- </theme>
- </themes>
-
- <osSpecifics>
- <osSpecific>
- <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
- <packages>
- <package>
- <name>ranger_${stack_version}-admin</name>
- </package>
- <package>
- <name>ranger_${stack_version}-usersync</name>
- </package>
- <package>
- <name>ranger_${stack_version}-tagsync</name>
- <condition>should_install_ranger_tagsync</condition>
- </package>
- <package>
- <name>ambari-infra-solr-client</name>
- <condition>should_install_infra_solr_client</condition>
- </package>
- </packages>
- </osSpecific>
- <osSpecific>
- <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily>
- <packages>
- <package>
- <name>ranger-${stack_version}-admin</name>
- </package>
- <package>
- <name>ranger-${stack_version}-usersync</name>
- </package>
- <package>
- <name>ranger-${stack_version}-tagsync</name>
- <condition>should_install_ranger_tagsync</condition>
- </package>
- <package>
- <name>ambari-infra-solr-client</name>
- <condition>should_install_infra_solr_client</condition>
- </package>
- </packages>
- </osSpecific>
- </osSpecifics>
-
- <quickLinksConfigurations>
- <quickLinksConfiguration>
- <fileName>quicklinks.json</fileName>
- <default>true</default>
- </quickLinksConfiguration>
- </quickLinksConfigurations>
-
- </service>
- </services>
-</metainfo>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
deleted file mode 100644
index 8ea8070..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
+++ /dev/null
@@ -1,195 +0,0 @@
-#!/usr/bin/env python
-
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-
-import base64
-import urllib2
-import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
-import logging
-from resource_management.core.environment import Environment
-from resource_management.libraries.script import Script
-from resource_management.libraries.functions.stack_features import check_stack_feature
-from resource_management.libraries.functions import StackFeature
-
-logger = logging.getLogger()
-RANGER_ADMIN_URL = '{{admin-properties/policymgr_external_url}}'
-ADMIN_USERNAME = '{{ranger-env/admin_username}}'
-ADMIN_PASSWORD = '{{ranger-env/admin_password}}'
-RANGER_ADMIN_USERNAME = '{{ranger-env/ranger_admin_username}}'
-RANGER_ADMIN_PASSWORD = '{{ranger-env/ranger_admin_password}}'
-SECURITY_ENABLED = '{{cluster-env/security_enabled}}'
-
-def get_tokens():
- """
- Returns a tuple of tokens in the format {{site/property}} that will be used
- to build the dictionary passed into execute
-
- :return tuple
- """
- return (RANGER_ADMIN_URL, ADMIN_USERNAME, ADMIN_PASSWORD, RANGER_ADMIN_USERNAME, RANGER_ADMIN_PASSWORD, SECURITY_ENABLED)
-
-
-def execute(configurations={}, parameters={}, host_name=None):
- """
- Returns a tuple containing the result code and a pre-formatted result label
-
- Keyword arguments:
- configurations (dictionary): a mapping of configuration key to value
- parameters (dictionary): a mapping of script parameter key to value
- host_name (string): the name of this host where the alert is running
- """
-
- if configurations is None:
- return (('UNKNOWN', ['There were no configurations supplied to the script.']))
-
- ranger_link = None
- ranger_auth_link = None
- ranger_get_user = None
- admin_username = None
- admin_password = None
- ranger_admin_username = None
- ranger_admin_password = None
- security_enabled = False
-
- stack_version_formatted = Script.get_stack_version()
- stack_supports_ranger_kerberos = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, stack_version_formatted)
-
- if RANGER_ADMIN_URL in configurations:
- ranger_link = configurations[RANGER_ADMIN_URL]
- if ranger_link.endswith('/'):
- ranger_link = ranger_link[:-1]
- ranger_auth_link = '{0}/{1}'.format(ranger_link, 'service/public/api/repository/count')
- ranger_get_user = '{0}/{1}'.format(ranger_link, 'service/xusers/users')
-
- if ADMIN_USERNAME in configurations:
- admin_username = configurations[ADMIN_USERNAME]
-
- if ADMIN_PASSWORD in configurations:
- admin_password = configurations[ADMIN_PASSWORD]
-
- if RANGER_ADMIN_USERNAME in configurations:
- ranger_admin_username = configurations[RANGER_ADMIN_USERNAME]
-
- if RANGER_ADMIN_PASSWORD in configurations:
- ranger_admin_password = configurations[RANGER_ADMIN_PASSWORD]
-
- if SECURITY_ENABLED in configurations:
- security_enabled = str(configurations[SECURITY_ENABLED]).upper() == 'TRUE'
-
- label = None
- result_code = 'OK'
-
- try:
- if security_enabled and stack_supports_ranger_kerberos:
- result_code = 'UNKNOWN'
- label = 'This alert will get skipped for Ranger Admin on kerberos env'
- else:
- admin_http_code = check_ranger_login(ranger_auth_link, admin_username, admin_password)
- if admin_http_code == 200:
- get_user_code = get_ranger_user(ranger_get_user, admin_username, admin_password, ranger_admin_username)
- if get_user_code:
- user_http_code = check_ranger_login(ranger_auth_link, ranger_admin_username, ranger_admin_password)
- if user_http_code == 200:
- result_code = 'OK'
- label = 'Login Successful for users {0} and {1}'.format(admin_username, ranger_admin_username)
- elif user_http_code == 401:
- result_code = 'CRITICAL'
- label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(ranger_admin_username)
- else:
- result_code = 'WARNING'
- label = 'Ranger Admin service is not reachable, please restart the service'
- else:
- result_code = 'OK'
- label = 'Login Successful for user: {0}. User:{1} user not yet synced with Ranger'.format(admin_username, ranger_admin_username)
- elif admin_http_code == 401:
- result_code = 'CRITICAL'
- label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(admin_username)
- else:
- result_code = 'WARNING'
- label = 'Ranger Admin service is not reachable, please restart the service'
-
- except Exception, e:
- label = str(e)
- result_code = 'UNKNOWN'
- logger.exception(label)
-
- return ((result_code, [label]))
-
-def check_ranger_login(ranger_auth_link, username, password):
- """
- params ranger_auth_link: ranger login url
- params username: user credentials
- params password: user credentials
-
- return response code
- """
- try:
- usernamepassword = '{0}:{1}'.format(username, password)
- base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
- request = urllib2.Request(ranger_auth_link)
- request.add_header("Content-Type", "application/json")
- request.add_header("Accept", "application/json")
- request.add_header("Authorization", "Basic {0}".format(base_64_string))
- result = urllib2.urlopen(request, timeout=20)
- response_code = result.getcode()
- if response_code == 200:
- response = json.loads(result.read())
- return response_code
- except urllib2.HTTPError, e:
- logger.exception("Error during Ranger service authentication. Http status code - {0}. {1}".format(e.code, e.read()))
- return e.code
- except urllib2.URLError, e:
- logger.exception("Error during Ranger service authentication. {0}".format(e.reason))
- return None
- except Exception, e:
- return 401
-
-def get_ranger_user(ranger_get_user, username, password, user):
- """
- params ranger_get_user: ranger get user url
- params username: user credentials
- params password: user credentials
- params user: user to be search
- return Boolean if user exist or not
- """
- try:
- url = '{0}?name={1}'.format(ranger_get_user, user)
- usernamepassword = '{0}:{1}'.format(username, password)
- base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
- request = urllib2.Request(url)
- request.add_header("Content-Type", "application/json")
- request.add_header("Accept", "application/json")
- request.add_header("Authorization", "Basic {0}".format(base_64_string))
- result = urllib2.urlopen(request, timeout=20)
- response_code = result.getcode()
- response = json.loads(result.read())
- if response_code == 200 and len(response['vXUsers']) > 0:
- for xuser in response['vXUsers']:
- if xuser['name'] == user:
- return True
- else:
- return False
- except urllib2.HTTPError, e:
- logger.exception("Error getting user from Ranger service. Http status code - {0}. {1}".format(e.code, e.read()))
- return False
- except urllib2.URLError, e:
- logger.exception("Error getting user from Ranger service. {0}".format(e.reason))
- return False
- except Exception, e:
- return False
[12/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/service_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/service_advisor.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/service_advisor.py
deleted file mode 100644
index 875fa30..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/service_advisor.py
+++ /dev/null
@@ -1,793 +0,0 @@
-#!/usr/bin/env ambari-python-wrap
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-
-# Python imports
-import imp
-import os
-import traceback
-import re
-import socket
-import fnmatch
-
-
-from resource_management.core.logger import Logger
-
-SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
-STACKS_DIR = os.path.join(SCRIPT_DIR, '../../../stacks/')
-PARENT_FILE = os.path.join(STACKS_DIR, 'service_advisor.py')
-
-try:
- with open(PARENT_FILE, 'rb') as fp:
- service_advisor = imp.load_module('service_advisor', fp, PARENT_FILE, ('.py', 'rb', imp.PY_SOURCE))
-except Exception as e:
- traceback.print_exc()
- print "Failed to load parent"
-
-DB_TYPE_DEFAULT_PORT_MAP = {"MYSQL":"3306", "ORACLE":"1521", "POSTGRES":"5432", "MSSQL":"1433", "SQLA":"2638"}
-
-class RangerServiceAdvisor(service_advisor.ServiceAdvisor):
-
- def __init__(self, *args, **kwargs):
- self.as_super = super(RangerServiceAdvisor, self)
- self.as_super.__init__(*args, **kwargs)
-
- # Always call these methods
- self.modifyMastersWithMultipleInstances()
- self.modifyCardinalitiesDict()
- self.modifyHeapSizeProperties()
- self.modifyNotValuableComponents()
- self.modifyComponentsNotPreferableOnServer()
- self.modifyComponentLayoutSchemes()
-
- def modifyMastersWithMultipleInstances(self):
- """
- Modify the set of masters with multiple instances.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def modifyCardinalitiesDict(self):
- """
- Modify the dictionary of cardinalities.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def modifyHeapSizeProperties(self):
- """
- Modify the dictionary of heap size properties.
- Must be overriden in child class.
- """
- pass
-
- def modifyNotValuableComponents(self):
- """
- Modify the set of components whose host assignment is based on other services.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def modifyComponentsNotPreferableOnServer(self):
- """
- Modify the set of components that are not preferable on the server.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def modifyComponentLayoutSchemes(self):
- """
- Modify layout scheme dictionaries for components.
- The scheme dictionary basically maps the number of hosts to
- host index where component should exist.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def getServiceComponentLayoutValidations(self, services, hosts):
- """
- Get a list of errors.
- Must be overriden in child class.
- """
-
- return []
-
- def getServiceConfigurationRecommendations(self, configurations, clusterData, services, hosts):
- """
- Entry point.
- Must be overriden in child class.
- """
- #Logger.info("Class: %s, Method: %s. Recommending Service Configurations." %
- # (self.__class__.__name__, inspect.stack()[0][3]))
-
- recommender = RangerRecommender()
- recommender.recommendRangerConfigurationsFromHDP206(configurations, clusterData, services, hosts)
- recommender.recommendRangerConfigurationsFromHDP22(configurations, clusterData, services, hosts)
- recommender.recommendRangerConfigurationsFromHDP23(configurations, clusterData, services, hosts)
- recommender.recommendRangerConfigurationsFromHDP25(configurations, clusterData, services, hosts)
- recommender.recommendRangerConfigurationsFromHDP26(configurations, clusterData, services, hosts)
-
-
-
- def getServiceConfigurationsValidationItems(self, configurations, recommendedDefaults, services, hosts):
- """
- Entry point.
- Validate configurations for the service. Return a list of errors.
- The code for this function should be the same for each Service Advisor.
- """
- #Logger.info("Class: %s, Method: %s. Validating Configurations." %
- # (self.__class__.__name__, inspect.stack()[0][3]))
-
- validator = RangerValidator()
- # Calls the methods of the validator using arguments,
- # method(siteProperties, siteRecommendations, configurations, services, hosts)
- return validator.validateListOfConfigUsingMethod(configurations, recommendedDefaults, services, hosts, validator.validators)
-
-
-
-class RangerRecommender(service_advisor.ServiceAdvisor):
- """
- Ranger Recommender suggests properties when adding the service for the first time or modifying configs via the UI.
- """
-
- def __init__(self, *args, **kwargs):
- self.as_super = super(RangerRecommender, self)
- self.as_super.__init__(*args, **kwargs)
-
- def recommendRangerConfigurationsFromHDP206(self, configurations, clusterData, services, hosts):
-
- putRangerAdminProperty = self.putProperty(configurations, "admin-properties", services)
-
- # Build policymgr_external_url
- protocol = 'http'
- ranger_admin_host = 'localhost'
- port = '6080'
-
- # Check if http is disabled. For HDP-2.3 this can be checked in ranger-admin-site/ranger.service.http.enabled
- # For Ranger-0.4.0 this can be checked in ranger-site/http.enabled
- if ('ranger-site' in services['configurations'] and 'http.enabled' in services['configurations']['ranger-site']['properties'] \
- and services['configurations']['ranger-site']['properties']['http.enabled'].lower() == 'false') or \
- ('ranger-admin-site' in services['configurations'] and 'ranger.service.http.enabled' in services['configurations']['ranger-admin-site']['properties'] \
- and services['configurations']['ranger-admin-site']['properties']['ranger.service.http.enabled'].lower() == 'false'):
- # HTTPS protocol is used
- protocol = 'https'
- # Starting Ranger-0.5.0.2.3 port stored in ranger-admin-site ranger.service.https.port
- if 'ranger-admin-site' in services['configurations'] and \
- 'ranger.service.https.port' in services['configurations']['ranger-admin-site']['properties']:
- port = services['configurations']['ranger-admin-site']['properties']['ranger.service.https.port']
- # In Ranger-0.4.0 port stored in ranger-site https.service.port
- elif 'ranger-site' in services['configurations'] and \
- 'https.service.port' in services['configurations']['ranger-site']['properties']:
- port = services['configurations']['ranger-site']['properties']['https.service.port']
- else:
- # HTTP protocol is used
- # Starting Ranger-0.5.0.2.3 port stored in ranger-admin-site ranger.service.http.port
- if 'ranger-admin-site' in services['configurations'] and \
- 'ranger.service.http.port' in services['configurations']['ranger-admin-site']['properties']:
- port = services['configurations']['ranger-admin-site']['properties']['ranger.service.http.port']
- # In Ranger-0.4.0 port stored in ranger-site http.service.port
- elif 'ranger-site' in services['configurations'] and \
- 'http.service.port' in services['configurations']['ranger-site']['properties']:
- port = services['configurations']['ranger-site']['properties']['http.service.port']
-
- ranger_admin_hosts = self.getComponentHostNames(services, "RANGER", "RANGER_ADMIN")
- if ranger_admin_hosts:
- if len(ranger_admin_hosts) > 1 \
- and services['configurations'] \
- and 'admin-properties' in services['configurations'] and 'policymgr_external_url' in services['configurations']['admin-properties']['properties'] \
- and services['configurations']['admin-properties']['properties']['policymgr_external_url'] \
- and services['configurations']['admin-properties']['properties']['policymgr_external_url'].strip():
-
- # in case of HA deployment keep the policymgr_external_url specified in the config
- policymgr_external_url = services['configurations']['admin-properties']['properties']['policymgr_external_url']
- else:
-
- ranger_admin_host = ranger_admin_hosts[0]
- policymgr_external_url = "%s://%s:%s" % (protocol, ranger_admin_host, port)
-
- putRangerAdminProperty('policymgr_external_url', policymgr_external_url)
-
- rangerServiceVersion = [service['StackServices']['service_version'] for service in services["services"] if service['StackServices']['service_name'] == 'RANGER'][0]
- if rangerServiceVersion == '0.4.0':
- # Recommend ldap settings based on ambari.properties configuration
- # If 'ambari.ldap.isConfigured' == true
- # For Ranger version 0.4.0
- if 'ambari-server-properties' in services and \
- 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \
- services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true":
- putUserSyncProperty = self.putProperty(configurations, "usersync-properties", services)
- serverProperties = services['ambari-server-properties']
- if 'authentication.ldap.managerDn' in serverProperties:
- putUserSyncProperty('SYNC_LDAP_BIND_DN', serverProperties['authentication.ldap.managerDn'])
- if 'authentication.ldap.primaryUrl' in serverProperties:
- ldap_protocol = 'ldap://'
- if 'authentication.ldap.useSSL' in serverProperties and serverProperties['authentication.ldap.useSSL'] == 'true':
- ldap_protocol = 'ldaps://'
- ldapUrl = ldap_protocol + serverProperties['authentication.ldap.primaryUrl'] if serverProperties['authentication.ldap.primaryUrl'] else serverProperties['authentication.ldap.primaryUrl']
- putUserSyncProperty('SYNC_LDAP_URL', ldapUrl)
- if 'authentication.ldap.userObjectClass' in serverProperties:
- putUserSyncProperty('SYNC_LDAP_USER_OBJECT_CLASS', serverProperties['authentication.ldap.userObjectClass'])
- if 'authentication.ldap.usernameAttribute' in serverProperties:
- putUserSyncProperty('SYNC_LDAP_USER_NAME_ATTRIBUTE', serverProperties['authentication.ldap.usernameAttribute'])
-
-
- # Set Ranger Admin Authentication method
- if 'admin-properties' in services['configurations'] and 'usersync-properties' in services['configurations'] and \
- 'SYNC_SOURCE' in services['configurations']['usersync-properties']['properties']:
- rangerUserSyncSource = services['configurations']['usersync-properties']['properties']['SYNC_SOURCE']
- authenticationMethod = rangerUserSyncSource.upper()
- if authenticationMethod != 'FILE':
- putRangerAdminProperty('authentication_method', authenticationMethod)
-
- # Recommend xasecure.audit.destination.hdfs.dir
- # For Ranger version 0.4.0
- servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
- putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
- include_hdfs = "HDFS" in servicesList
- if include_hdfs:
- if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
- default_fs = services['configurations']['core-site']['properties']['fs.defaultFS']
- default_fs += '/ranger/audit/%app-type%/%time:yyyyMMdd%'
- putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', default_fs)
-
- # Recommend Ranger Audit properties for ranger supported services
- # For Ranger version 0.4.0
- ranger_services = [
- {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-plugin-properties'},
- {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-plugin-properties'},
- {'service_name': 'HIVE', 'audit_file': 'ranger-hive-plugin-properties'},
- {'service_name': 'KNOX', 'audit_file': 'ranger-knox-plugin-properties'},
- {'service_name': 'STORM', 'audit_file': 'ranger-storm-plugin-properties'}
- ]
-
- for item in range(len(ranger_services)):
- if ranger_services[item]['service_name'] in servicesList:
- component_audit_file = ranger_services[item]['audit_file']
- if component_audit_file in services["configurations"]:
- ranger_audit_dict = [
- {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.db', 'target_configname': 'XAAUDIT.DB.IS_ENABLED'},
- {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs', 'target_configname': 'XAAUDIT.HDFS.IS_ENABLED'},
- {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs.dir', 'target_configname': 'XAAUDIT.HDFS.DESTINATION_DIRECTORY'}
- ]
- putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services)
-
- for item in ranger_audit_dict:
- if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]:
- if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]:
- rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']]
- else:
- rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']]
- putRangerAuditProperty(item['target_configname'], rangerAuditProperty)
-
-
-
-
- def recommendRangerConfigurationsFromHDP22(self, configurations, clusterData, services, hosts):
- putRangerEnvProperty = self.putProperty(configurations, "ranger-env")
- cluster_env = self.getServicesSiteProperties(services, "cluster-env")
- security_enabled = cluster_env is not None and "security_enabled" in cluster_env and \
- cluster_env["security_enabled"].lower() == "true"
- if "ranger-env" in configurations and not security_enabled:
- putRangerEnvProperty("ranger-storm-plugin-enabled", "No")
-
- def getDBConnectionHostPort(self, db_type, db_host):
- connection_string = ""
- if db_type is None or db_type == "":
- return connection_string
- else:
- colon_count = db_host.count(':')
- if colon_count == 0:
- if DB_TYPE_DEFAULT_PORT_MAP.has_key(db_type):
- connection_string = db_host + ":" + DB_TYPE_DEFAULT_PORT_MAP[db_type]
- else:
- connection_string = db_host
- elif colon_count == 1:
- connection_string = db_host
- elif colon_count == 2:
- connection_string = db_host
-
- return connection_string
-
-
- def getOracleDBConnectionHostPort(self, db_type, db_host, rangerDbName):
- connection_string = self.getDBConnectionHostPort(db_type, db_host)
- colon_count = db_host.count(':')
- if colon_count == 1 and '/' in db_host:
- connection_string = "//" + connection_string
- elif colon_count == 0 or colon_count == 1:
- connection_string = "//" + connection_string + "/" + rangerDbName if rangerDbName else "//" + connection_string
-
- return connection_string
-
- def recommendRangerUrlConfigurations(self, configurations, services, requiredServices):
- servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
-
- policymgr_external_url = ""
- if 'admin-properties' in services['configurations'] and 'policymgr_external_url' in services['configurations']['admin-properties']['properties']:
- if 'admin-properties' in configurations and 'policymgr_external_url' in configurations['admin-properties']['properties']:
- policymgr_external_url = configurations['admin-properties']['properties']['policymgr_external_url']
- else:
- policymgr_external_url = services['configurations']['admin-properties']['properties']['policymgr_external_url']
-
- for index in range(len(requiredServices)):
- if requiredServices[index]['service_name'] in servicesList:
- component_config_type = requiredServices[index]['config_type']
- component_name = requiredServices[index]['service_name']
- component_config_property = 'ranger.plugin.{0}.policy.rest.url'.format(component_name.lower())
- if requiredServices[index]['service_name'] == 'RANGER_KMS':
- component_config_property = 'ranger.plugin.kms.policy.rest.url'
- putRangerSecurityProperty = self.putProperty(configurations, component_config_type, services)
- if component_config_type in services["configurations"] and component_config_property in services["configurations"][component_config_type]["properties"]:
- putRangerSecurityProperty(component_config_property, policymgr_external_url)
-
- def recommendRangerConfigurationsFromHDP23(self, configurations, clusterData, services, hosts):
- servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
- putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services)
- putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
- putRangerUgsyncSite = self.putProperty(configurations, "ranger-ugsync-site", services)
-
- if 'admin-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['admin-properties']['properties'])\
- and ('db_host' in services['configurations']['admin-properties']['properties']) and ('db_name' in services['configurations']['admin-properties']['properties']):
-
- rangerDbFlavor = services['configurations']["admin-properties"]["properties"]["DB_FLAVOR"]
- rangerDbHost = services['configurations']["admin-properties"]["properties"]["db_host"]
- rangerDbName = services['configurations']["admin-properties"]["properties"]["db_name"]
- ranger_db_url_dict = {
- 'MYSQL': {'ranger.jpa.jdbc.driver': 'com.mysql.jdbc.Driver',
- 'ranger.jpa.jdbc.url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + '/' + rangerDbName},
- 'ORACLE': {'ranger.jpa.jdbc.driver': 'oracle.jdbc.driver.OracleDriver',
- 'ranger.jpa.jdbc.url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerDbFlavor, rangerDbHost, rangerDbName)},
- 'POSTGRES': {'ranger.jpa.jdbc.driver': 'org.postgresql.Driver',
- 'ranger.jpa.jdbc.url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + '/' + rangerDbName},
- 'MSSQL': {'ranger.jpa.jdbc.driver': 'com.microsoft.sqlserver.jdbc.SQLServerDriver',
- 'ranger.jpa.jdbc.url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';databaseName=' + rangerDbName},
- 'SQLA': {'ranger.jpa.jdbc.driver': 'sap.jdbc4.sqlanywhere.IDriver',
- 'ranger.jpa.jdbc.url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';database=' + rangerDbName}
- }
- rangerDbProperties = ranger_db_url_dict.get(rangerDbFlavor, ranger_db_url_dict['MYSQL'])
- for key in rangerDbProperties:
- putRangerAdminProperty(key, rangerDbProperties.get(key))
-
- if 'admin-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['admin-properties']['properties']) \
- and ('db_host' in services['configurations']['admin-properties']['properties']):
-
- rangerDbFlavor = services['configurations']["admin-properties"]["properties"]["DB_FLAVOR"]
- rangerDbHost = services['configurations']["admin-properties"]["properties"]["db_host"]
- ranger_db_privelege_url_dict = {
- 'MYSQL': {'ranger_privelege_user_jdbc_url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost)},
- 'ORACLE': {'ranger_privelege_user_jdbc_url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerDbFlavor, rangerDbHost, None)},
- 'POSTGRES': {'ranger_privelege_user_jdbc_url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + '/postgres'},
- 'MSSQL': {'ranger_privelege_user_jdbc_url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';'},
- 'SQLA': {'ranger_privelege_user_jdbc_url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';'}
- }
- rangerPrivelegeDbProperties = ranger_db_privelege_url_dict.get(rangerDbFlavor, ranger_db_privelege_url_dict['MYSQL'])
- for key in rangerPrivelegeDbProperties:
- putRangerEnvProperty(key, rangerPrivelegeDbProperties.get(key))
-
- # Recommend ldap settings based on ambari.properties configuration
- if 'ambari-server-properties' in services and \
- 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \
- services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true":
- serverProperties = services['ambari-server-properties']
- if 'authentication.ldap.baseDn' in serverProperties:
- putRangerUgsyncSite('ranger.usersync.ldap.searchBase', serverProperties['authentication.ldap.baseDn'])
- if 'authentication.ldap.groupMembershipAttr' in serverProperties:
- putRangerUgsyncSite('ranger.usersync.group.memberattributename', serverProperties['authentication.ldap.groupMembershipAttr'])
- if 'authentication.ldap.groupNamingAttr' in serverProperties:
- putRangerUgsyncSite('ranger.usersync.group.nameattribute', serverProperties['authentication.ldap.groupNamingAttr'])
- if 'authentication.ldap.groupObjectClass' in serverProperties:
- putRangerUgsyncSite('ranger.usersync.group.objectclass', serverProperties['authentication.ldap.groupObjectClass'])
- if 'authentication.ldap.managerDn' in serverProperties:
- putRangerUgsyncSite('ranger.usersync.ldap.binddn', serverProperties['authentication.ldap.managerDn'])
- if 'authentication.ldap.primaryUrl' in serverProperties:
- ldap_protocol = 'ldap://'
- if 'authentication.ldap.useSSL' in serverProperties and serverProperties['authentication.ldap.useSSL'] == 'true':
- ldap_protocol = 'ldaps://'
- ldapUrl = ldap_protocol + serverProperties['authentication.ldap.primaryUrl'] if serverProperties['authentication.ldap.primaryUrl'] else serverProperties['authentication.ldap.primaryUrl']
- putRangerUgsyncSite('ranger.usersync.ldap.url', ldapUrl)
- if 'authentication.ldap.userObjectClass' in serverProperties:
- putRangerUgsyncSite('ranger.usersync.ldap.user.objectclass', serverProperties['authentication.ldap.userObjectClass'])
- if 'authentication.ldap.usernameAttribute' in serverProperties:
- putRangerUgsyncSite('ranger.usersync.ldap.user.nameattribute', serverProperties['authentication.ldap.usernameAttribute'])
-
-
- # Recommend Ranger Authentication method
- authMap = {
- 'org.apache.ranger.unixusersync.process.UnixUserGroupBuilder': 'UNIX',
- 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder': 'LDAP'
- }
-
- if 'ranger-ugsync-site' in services['configurations'] and 'ranger.usersync.source.impl.class' in services['configurations']["ranger-ugsync-site"]["properties"]:
- rangerUserSyncClass = services['configurations']["ranger-ugsync-site"]["properties"]["ranger.usersync.source.impl.class"]
- if rangerUserSyncClass in authMap:
- rangerSqlConnectorProperty = authMap.get(rangerUserSyncClass)
- putRangerAdminProperty('ranger.authentication.method', rangerSqlConnectorProperty)
-
-
- if 'ranger-env' in services['configurations'] and 'is_solrCloud_enabled' in services['configurations']["ranger-env"]["properties"]:
- isSolrCloudEnabled = services['configurations']["ranger-env"]["properties"]["is_solrCloud_enabled"] == "true"
- else:
- isSolrCloudEnabled = False
-
- if isSolrCloudEnabled:
- zookeeper_host_port = self.getZKHostPortString(services)
- ranger_audit_zk_port = ''
- if zookeeper_host_port:
- ranger_audit_zk_port = '{0}/{1}'.format(zookeeper_host_port, 'ranger_audits')
- putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port)
- else:
- putRangerAdminProperty('ranger.audit.solr.zookeepers', 'NONE')
-
- # Recommend ranger.audit.solr.zookeepers and xasecure.audit.destination.hdfs.dir
- include_hdfs = "HDFS" in servicesList
- if include_hdfs:
- if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
- default_fs = services['configurations']['core-site']['properties']['fs.defaultFS']
- putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', '{0}/{1}/{2}'.format(default_fs,'ranger','audit'))
-
- # Recommend Ranger supported service's audit properties
- ranger_services = [
- {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'},
- {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'},
- {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-audit'},
- {'service_name': 'HIVE', 'audit_file': 'ranger-hive-audit'},
- {'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'},
- {'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'},
- {'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'}
- ]
-
- for item in range(len(ranger_services)):
- if ranger_services[item]['service_name'] in servicesList:
- component_audit_file = ranger_services[item]['audit_file']
- if component_audit_file in services["configurations"]:
- ranger_audit_dict = [
- {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.db', 'target_configname': 'xasecure.audit.destination.db'},
- {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs', 'target_configname': 'xasecure.audit.destination.hdfs'},
- {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs.dir', 'target_configname': 'xasecure.audit.destination.hdfs.dir'},
- {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.solr', 'target_configname': 'xasecure.audit.destination.solr'},
- {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.urls', 'target_configname': 'xasecure.audit.destination.solr.urls'},
- {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.zookeepers', 'target_configname': 'xasecure.audit.destination.solr.zookeepers'}
- ]
- putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services)
-
- for item in ranger_audit_dict:
- if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]:
- if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]:
- rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']]
- else:
- rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']]
- putRangerAuditProperty(item['target_configname'], rangerAuditProperty)
-
- audit_solr_flag = 'false'
- audit_db_flag = 'false'
- ranger_audit_source_type = 'solr'
- if 'ranger-env' in services['configurations'] and 'xasecure.audit.destination.solr' in services['configurations']["ranger-env"]["properties"]:
- audit_solr_flag = services['configurations']["ranger-env"]["properties"]['xasecure.audit.destination.solr']
- if 'ranger-env' in services['configurations'] and 'xasecure.audit.destination.db' in services['configurations']["ranger-env"]["properties"]:
- audit_db_flag = services['configurations']["ranger-env"]["properties"]['xasecure.audit.destination.db']
-
- if audit_db_flag == 'true' and audit_solr_flag == 'false':
- ranger_audit_source_type = 'db'
- putRangerAdminProperty('ranger.audit.source.type',ranger_audit_source_type)
-
- knox_host = 'localhost'
- knox_port = '8443'
- if 'KNOX' in servicesList:
- knox_hosts = self.getComponentHostNames(services, "KNOX", "KNOX_GATEWAY")
- if len(knox_hosts) > 0:
- knox_hosts.sort()
- knox_host = knox_hosts[0]
- if 'gateway-site' in services['configurations'] and 'gateway.port' in services['configurations']["gateway-site"]["properties"]:
- knox_port = services['configurations']["gateway-site"]["properties"]['gateway.port']
- putRangerAdminProperty('ranger.sso.providerurl', 'https://{0}:{1}/gateway/knoxsso/api/v1/websso'.format(knox_host, knox_port))
-
- required_services = [
- {'service_name': 'HDFS', 'config_type': 'ranger-hdfs-security'},
- {'service_name': 'YARN', 'config_type': 'ranger-yarn-security'},
- {'service_name': 'HBASE', 'config_type': 'ranger-hbase-security'},
- {'service_name': 'HIVE', 'config_type': 'ranger-hive-security'},
- {'service_name': 'KNOX', 'config_type': 'ranger-knox-security'},
- {'service_name': 'KAFKA', 'config_type': 'ranger-kafka-security'},
- {'service_name': 'RANGER_KMS','config_type': 'ranger-kms-security'},
- {'service_name': 'STORM', 'config_type': 'ranger-storm-security'}
- ]
-
- # recommendation for ranger url for ranger-supported plugins
- self.recommendRangerUrlConfigurations(configurations, services, required_services)
-
-
- def recommendRangerConfigurationsFromHDP25(self, configurations, clusterData, services, hosts):
- servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
- has_ranger_tagsync = False
-
- putTagsyncAppProperty = self.putProperty(configurations, "tagsync-application-properties", services)
- putTagsyncSiteProperty = self.putProperty(configurations, "ranger-tagsync-site", services)
- putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services)
- putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
-
- application_properties = self.getServicesSiteProperties(services, "application-properties")
-
- ranger_tagsync_host = self.getHostsForComponent(services, "RANGER", "RANGER_TAGSYNC")
- has_ranger_tagsync = len(ranger_tagsync_host) > 0
-
- if 'ATLAS' in servicesList and has_ranger_tagsync:
- atlas_hosts = self.getHostNamesWithComponent("ATLAS", "ATLAS_SERVER", services)
- atlas_host = 'localhost' if len(atlas_hosts) == 0 else atlas_hosts[0]
- protocol = 'http'
- atlas_port = '21000'
-
- if application_properties and 'atlas.enableTLS' in application_properties and application_properties['atlas.enableTLS'].lower() == 'true':
- protocol = 'https'
- if 'atlas.server.https.port' in application_properties:
- atlas_port = application_properties['atlas.server.https.port']
- else:
- protocol = 'http'
- if application_properties and 'atlas.server.http.port' in application_properties:
- atlas_port = application_properties['atlas.server.http.port']
-
- atlas_rest_endpoint = '{0}://{1}:{2}'.format(protocol, atlas_host, atlas_port)
-
- putTagsyncSiteProperty('ranger.tagsync.source.atlas', 'true')
- putTagsyncSiteProperty('ranger.tagsync.source.atlasrest.endpoint', atlas_rest_endpoint)
-
- zookeeper_host_port = self.getZKHostPortString(services)
- if zookeeper_host_port and has_ranger_tagsync:
- putTagsyncAppProperty('atlas.kafka.zookeeper.connect', zookeeper_host_port)
-
- if 'KAFKA' in servicesList and has_ranger_tagsync:
- kafka_hosts = self.getHostNamesWithComponent("KAFKA", "KAFKA_BROKER", services)
- kafka_port = '6667'
- if 'kafka-broker' in services['configurations'] and (
- 'port' in services['configurations']['kafka-broker']['properties']):
- kafka_port = services['configurations']['kafka-broker']['properties']['port']
- kafka_host_port = []
- for i in range(len(kafka_hosts)):
- kafka_host_port.append(kafka_hosts[i] + ':' + kafka_port)
-
- final_kafka_host = ",".join(kafka_host_port)
- putTagsyncAppProperty('atlas.kafka.bootstrap.servers', final_kafka_host)
-
- is_solr_cloud_enabled = False
- if 'ranger-env' in services['configurations'] and 'is_solrCloud_enabled' in services['configurations']['ranger-env']['properties']:
- is_solr_cloud_enabled = services['configurations']['ranger-env']['properties']['is_solrCloud_enabled'] == 'true'
-
- is_external_solr_cloud_enabled = False
- if 'ranger-env' in services['configurations'] and 'is_external_solrCloud_enabled' in services['configurations']['ranger-env']['properties']:
- is_external_solr_cloud_enabled = services['configurations']['ranger-env']['properties']['is_external_solrCloud_enabled'] == 'true'
-
- ranger_audit_zk_port = ''
-
- if 'AMBARI_INFRA' in servicesList and zookeeper_host_port and is_solr_cloud_enabled and not is_external_solr_cloud_enabled:
- zookeeper_host_port = zookeeper_host_port.split(',')
- zookeeper_host_port.sort()
- zookeeper_host_port = ",".join(zookeeper_host_port)
- infra_solr_znode = '/infra-solr'
-
- if 'infra-solr-env' in services['configurations'] and \
- ('infra_solr_znode' in services['configurations']['infra-solr-env']['properties']):
- infra_solr_znode = services['configurations']['infra-solr-env']['properties']['infra_solr_znode']
- ranger_audit_zk_port = '{0}{1}'.format(zookeeper_host_port, infra_solr_znode)
- putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port)
- elif zookeeper_host_port and is_solr_cloud_enabled and is_external_solr_cloud_enabled:
- ranger_audit_zk_port = '{0}/{1}'.format(zookeeper_host_port, 'ranger_audits')
- putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port)
- else:
- putRangerAdminProperty('ranger.audit.solr.zookeepers', 'NONE')
-
- ranger_services = [
- {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'},
- {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'},
- {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-audit'},
- {'service_name': 'HIVE', 'audit_file': 'ranger-hive-audit'},
- {'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'},
- {'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'},
- {'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'},
- {'service_name': 'RANGER_KMS', 'audit_file': 'ranger-kms-audit'},
- {'service_name': 'ATLAS', 'audit_file': 'ranger-atlas-audit'}
- ]
-
- for item in range(len(ranger_services)):
- if ranger_services[item]['service_name'] in servicesList:
- component_audit_file = ranger_services[item]['audit_file']
- if component_audit_file in services["configurations"]:
- ranger_audit_dict = [
- {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.urls', 'target_configname': 'xasecure.audit.destination.solr.urls'},
- {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.zookeepers', 'target_configname': 'xasecure.audit.destination.solr.zookeepers'}
- ]
- putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services)
-
- for item in ranger_audit_dict:
- if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]:
- if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]:
- rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']]
- else:
- rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']]
- putRangerAuditProperty(item['target_configname'], rangerAuditProperty)
-
- if "HDFS" in servicesList:
- hdfs_user = None
- if "hadoop-env" in services["configurations"] and "hdfs_user" in services["configurations"]["hadoop-env"]["properties"]:
- hdfs_user = services["configurations"]["hadoop-env"]["properties"]["hdfs_user"]
- putRangerAdminProperty('ranger.kms.service.user.hdfs', hdfs_user)
-
- if "HIVE" in servicesList:
- hive_user = None
- if "hive-env" in services["configurations"] and "hive_user" in services["configurations"]["hive-env"]["properties"]:
- hive_user = services["configurations"]["hive-env"]["properties"]["hive_user"]
- putRangerAdminProperty('ranger.kms.service.user.hive', hive_user)
-
- ranger_plugins_serviceuser = [
- {'service_name': 'HDFS', 'file_name': 'hadoop-env', 'config_name': 'hdfs_user', 'target_configname': 'ranger.plugins.hdfs.serviceuser'},
- {'service_name': 'HIVE', 'file_name': 'hive-env', 'config_name': 'hive_user', 'target_configname': 'ranger.plugins.hive.serviceuser'},
- {'service_name': 'YARN', 'file_name': 'yarn-env', 'config_name': 'yarn_user', 'target_configname': 'ranger.plugins.yarn.serviceuser'},
- {'service_name': 'HBASE', 'file_name': 'hbase-env', 'config_name': 'hbase_user', 'target_configname': 'ranger.plugins.hbase.serviceuser'},
- {'service_name': 'KNOX', 'file_name': 'knox-env', 'config_name': 'knox_user', 'target_configname': 'ranger.plugins.knox.serviceuser'},
- {'service_name': 'STORM', 'file_name': 'storm-env', 'config_name': 'storm_user', 'target_configname': 'ranger.plugins.storm.serviceuser'},
- {'service_name': 'KAFKA', 'file_name': 'kafka-env', 'config_name': 'kafka_user', 'target_configname': 'ranger.plugins.kafka.serviceuser'},
- {'service_name': 'RANGER_KMS', 'file_name': 'kms-env', 'config_name': 'kms_user', 'target_configname': 'ranger.plugins.kms.serviceuser'},
- {'service_name': 'ATLAS', 'file_name': 'atlas-env', 'config_name': 'metadata_user', 'target_configname': 'ranger.plugins.atlas.serviceuser'}
- ]
-
- for item in range(len(ranger_plugins_serviceuser)):
- if ranger_plugins_serviceuser[item]['service_name'] in servicesList:
- file_name = ranger_plugins_serviceuser[item]['file_name']
- config_name = ranger_plugins_serviceuser[item]['config_name']
- target_configname = ranger_plugins_serviceuser[item]['target_configname']
- if file_name in services["configurations"] and config_name in services["configurations"][file_name]["properties"]:
- service_user = services["configurations"][file_name]["properties"][config_name]
- putRangerAdminProperty(target_configname, service_user)
-
- if "ATLAS" in servicesList:
- if "ranger-env" in services["configurations"]:
- putAtlasRangerAuditProperty = self.putProperty(configurations, 'ranger-atlas-audit', services)
- xasecure_audit_destination_hdfs = ''
- xasecure_audit_destination_hdfs_dir = ''
- xasecure_audit_destination_solr = ''
- if 'xasecure.audit.destination.hdfs' in configurations['ranger-env']['properties']:
- xasecure_audit_destination_hdfs = configurations['ranger-env']['properties']['xasecure.audit.destination.hdfs']
- else:
- xasecure_audit_destination_hdfs = services['configurations']['ranger-env']['properties']['xasecure.audit.destination.hdfs']
-
- if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
- xasecure_audit_destination_hdfs_dir = '{0}/{1}/{2}'.format(services['configurations']['core-site']['properties']['fs.defaultFS'] ,'ranger','audit')
-
- if 'xasecure.audit.destination.solr' in configurations['ranger-env']['properties']:
- xasecure_audit_destination_solr = configurations['ranger-env']['properties']['xasecure.audit.destination.solr']
- else:
- xasecure_audit_destination_solr = services['configurations']['ranger-env']['properties']['xasecure.audit.destination.solr']
-
- putAtlasRangerAuditProperty('xasecure.audit.destination.hdfs',xasecure_audit_destination_hdfs)
- putAtlasRangerAuditProperty('xasecure.audit.destination.hdfs.dir',xasecure_audit_destination_hdfs_dir)
- putAtlasRangerAuditProperty('xasecure.audit.destination.solr',xasecure_audit_destination_solr)
- required_services = [
- {'service_name': 'ATLAS', 'config_type': 'ranger-atlas-security'}
- ]
-
- # recommendation for ranger url for ranger-supported plugins
- self.recommendRangerUrlConfigurations(configurations, services, required_services)
-
-
- def recommendRangerConfigurationsFromHDP26(self, configurations, clusterData, services, hosts):
-
- putRangerUgsyncSite = self.putProperty(configurations, 'ranger-ugsync-site', services)
-
- delta_sync_enabled = False
- if 'ranger-ugsync-site' in services['configurations'] and 'ranger.usersync.ldap.deltasync' in services['configurations']['ranger-ugsync-site']['properties']:
- delta_sync_enabled = services['configurations']['ranger-ugsync-site']['properties']['ranger.usersync.ldap.deltasync'] == "true"
-
- if delta_sync_enabled:
- putRangerUgsyncSite("ranger.usersync.group.searchenabled", "true")
- else:
- putRangerUgsyncSite("ranger.usersync.group.searchenabled", "false")
-
-
-
-
-
-class RangerValidator(service_advisor.ServiceAdvisor):
- """
- Ranger Validator checks the correctness of properties whenever the service is first added or the user attempts to
- change configs via the UI.
- """
-
- def __init__(self, *args, **kwargs):
- self.as_super = super(RangerValidator, self)
- self.as_super.__init__(*args, **kwargs)
-
- self.validators = [("ranger-env", self.validateRangerConfigurationsEnvFromHDP22),
- ("admin-properties", self.validateRangerAdminConfigurationsFromHDP23),
- ("ranger-env", self.validateRangerConfigurationsEnvFromHDP23),
- ("ranger-tagsync-site", self.validateRangerTagsyncConfigurationsFromHDP25),
- ("ranger-ugsync-site", self.validateRangerUsersyncConfigurationsFromHDP26)]
-
-
-
- def validateRangerConfigurationsEnvFromHDP22(self, properties, recommendedDefaults, configurations, services, hosts):
- ranger_env_properties = properties
- validationItems = []
- servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
- if "ranger-storm-plugin-enabled" in ranger_env_properties and ranger_env_properties['ranger-storm-plugin-enabled'].lower() == 'yes' and not 'KERBEROS' in servicesList:
- validationItems.append({"config-name": "ranger-storm-plugin-enabled",
- "item": self.getWarnItem("Ranger Storm plugin should not be enabled in non-kerberos environment.")})
- return self.toConfigurationValidationProblems(validationItems, "ranger-env")
-
- def validateRangerAdminConfigurationsFromHDP23(self, properties, recommendedDefaults, configurations, services, hosts):
- ranger_site = properties
- validationItems = []
- servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
- if 'RANGER' in servicesList and 'policymgr_external_url' in ranger_site:
- policymgr_mgr_url = ranger_site['policymgr_external_url']
- if policymgr_mgr_url.endswith('/'):
- validationItems.append({'config-name':'policymgr_external_url',
- 'item':self.getWarnItem('Ranger External URL should not contain trailing slash "/"')})
- return self.toConfigurationValidationProblems(validationItems,'admin-properties')
-
-
- def validateRangerConfigurationsEnvFromHDP23(self, properties, recommendedDefaults, configurations, services, hosts):
- ranger_env_properties = properties
- validationItems = []
- security_enabled = self.isSecurityEnabled(services)
-
- if "ranger-kafka-plugin-enabled" in ranger_env_properties and ranger_env_properties["ranger-kafka-plugin-enabled"].lower() == 'yes' and not security_enabled:
- validationItems.append({"config-name": "ranger-kafka-plugin-enabled",
- "item": self.getWarnItem(
- "Ranger Kafka plugin should not be enabled in non-kerberos environment.")})
-
- validationProblems = self.toConfigurationValidationProblems(validationItems, "ranger-env")
- return validationProblems
-
-
- def validateRangerTagsyncConfigurationsFromHDP25(self, properties, recommendedDefaults, configurations, services, hosts):
- ranger_tagsync_properties = properties
- validationItems = []
- servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
-
- has_atlas = False
- if "RANGER" in servicesList:
- has_atlas = not "ATLAS" in servicesList
-
- if has_atlas and 'ranger.tagsync.source.atlas' in ranger_tagsync_properties and \
- ranger_tagsync_properties['ranger.tagsync.source.atlas'].lower() == 'true':
- validationItems.append({"config-name": "ranger.tagsync.source.atlas",
- "item": self.getWarnItem(
- "Need to Install ATLAS service to set ranger.tagsync.source.atlas as true.")})
-
- return self.toConfigurationValidationProblems(validationItems, "ranger-tagsync-site")
-
- def validateRangerUsersyncConfigurationsFromHDP26(self, properties, recommendedDefaults, configurations, services, hosts):
- ranger_usersync_properties = properties
- validationItems = []
-
- delta_sync_enabled = 'ranger.usersync.ldap.deltasync' in ranger_usersync_properties \
- and ranger_usersync_properties['ranger.usersync.ldap.deltasync'].lower() == 'true'
- group_sync_enabled = 'ranger.usersync.group.searchenabled' in ranger_usersync_properties \
- and ranger_usersync_properties['ranger.usersync.group.searchenabled'].lower() == 'true'
- usersync_source_ldap_enabled = 'ranger.usersync.source.impl.class' in ranger_usersync_properties \
- and ranger_usersync_properties['ranger.usersync.source.impl.class'] == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder'
-
- if usersync_source_ldap_enabled and delta_sync_enabled and not group_sync_enabled:
- validationItems.append({"config-name": "ranger.usersync.group.searchenabled",
- "item": self.getWarnItem(
- "Need to set ranger.usersync.group.searchenabled as true, as ranger.usersync.ldap.deltasync is enabled")})
-
- return self.toConfigurationValidationProblems(validationItems, "ranger-ugsync-site")
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json
deleted file mode 100644
index e6724cd..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json
+++ /dev/null
@@ -1,722 +0,0 @@
-{
- "name": "default",
- "description": "Default theme for Ranger service",
- "configuration": {
- "layouts": [
- {
- "name": "default",
- "tabs": [
- {
- "name": "ranger_admin_settings",
- "display-name": "Ranger Admin",
- "layout": {
- "tab-columns": "2",
- "tab-rows": "2",
- "sections": [
- {
- "name": "section-ranger-admin",
- "display-name": "Ranger Admin",
- "row-index": "0",
- "column-index": "0",
- "row-span": "3",
- "column-span": "2",
- "section-columns": "2",
- "section-rows": "3",
- "subsections": [
- {
- "name": "subsection-ranger-db-row1-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-ranger-db-row1-col2",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-ranger-db-root-user-col1",
- "row-index": "1",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-ranger-db-root-user-col2",
- "row-index": "1",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- }
- ]
- }
- },
- {
- "name": "ranger_user_info",
- "display-name": "Ranger User Info",
- "layout": {
- "tab-columns": "1",
- "tab-rows": "1",
- "sections": [
- {
- "name": "section-user-info",
- "display-name": "Ranger User Info",
- "row-index": "0",
- "column-index": "0",
- "row-span": "2",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "2",
- "subsections": [
- {
- "name": "subsection-ranger-user-row2-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "subsection-tabs": [
- {
- "name": "ldap-common-configs",
- "display-name": "Common Configs",
- "depends-on": [
- {
- "configs": [
- "usersync-properties/SYNC_SOURCE"
- ],
- "if": "${usersync-properties/SYNC_SOURCE} === ldap",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "name": "ldap-user-configs",
- "display-name": "User Configs",
- "depends-on": [
- {
- "configs": [
- "usersync-properties/SYNC_SOURCE"
- ],
- "if": "${usersync-properties/SYNC_SOURCE} === ldap",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- }
- ]
- }
- ]
- }
- ]
- }
- },
- {
- "name": "ranger_plugin",
- "display-name": "Ranger Plugin",
- "layout": {
- "tab-columns": "1",
- "tab-rows": "1",
- "sections": [
- {
- "name": "section-ranger-plugin",
- "display-name": "Ranger Plugin",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "3",
- "section-columns": "3",
- "section-rows": "1",
- "subsections": [
- {
- "name": "section-ranger-plugin-row1-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "section-ranger-plugin-row1-col2",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "section-ranger-plugin-row1-col3",
- "row-index": "0",
- "column-index": "2",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- }
- ]
- }
- },
- {
- "name": "ranger_audit_settings",
- "display-name": "Ranger Audit",
- "layout": {
- "tab-columns": "1",
- "tab-rows": "2",
- "sections": [
- {
- "name": "section-ranger-audit-hdfs",
- "display-name": "Audit to HDFS",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-hdfs-row1-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- },
- {
- "name": "section-ranger-audit-db",
- "display-name": "Audit to DB",
- "row-index": "1",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "1",
- "subsections": [
- {
- "name": "subsection-ranger-audit-db-row2-col1",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-ranger-audit-db-row2-col2",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1"
- }
- ]
- }
- ]
- }
- }
- ]
- }
- ],
- "placement": {
- "configuration-layout": "default",
- "configs": [
- {
- "config": "admin-properties/DB_FLAVOR",
- "subsection-name": "subsection-ranger-db-row1-col1"
- },
- {
- "config": "admin-properties/db_name",
- "subsection-name": "subsection-ranger-db-row1-col1"
- },
- {
- "config": "admin-properties/db_user",
- "subsection-name": "subsection-ranger-db-row1-col1"
- },
- {
- "config": "ranger-admin-site/ranger.jpa.jdbc.url",
- "subsection-name": "subsection-ranger-db-row1-col1"
- },
- {
- "config": "admin-properties/db_host",
- "subsection-name": "subsection-ranger-db-row1-col2"
- },
- {
- "config": "ranger-admin-site/ranger.jpa.jdbc.driver",
- "subsection-name": "subsection-ranger-db-row1-col2"
- },
- {
- "config": "admin-properties/db_password",
- "subsection-name": "subsection-ranger-db-row1-col2"
- },
- {
- "config": "admin-properties/db_root_user",
- "subsection-name": "subsection-ranger-db-root-user-col1"
- },
- {
- "config": "admin-properties/db_root_password",
- "subsection-name": "subsection-ranger-db-root-user-col2"
- },
- {
- "config": "usersync-properties/SYNC_SOURCE",
- "subsection-name": "subsection-ranger-user-row2-col1"
- },
-
- {
- "config": "usersync-properties/MIN_UNIX_USER_ID_TO_SYNC",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "depends-on": [
- {
- "configs":[
- "usersync-properties/SYNC_SOURCE"
- ],
- "if": "${usersync-properties/SYNC_SOURCE} === unix",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "usersync-properties/SYNC_LDAP_URL",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs"
- },
- {
- "config": "ranger-env/bind_anonymous",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs"
- },
- {
- "config": "usersync-properties/SYNC_LDAP_BIND_DN",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-env/bind_anonymous"
- ],
- "if": "${ranger-env/bind_anonymous}",
- "then": {
- "property_value_attributes": {
- "visible": false
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": true
- }
- }
- }
- ]
-
- },
- {
- "config": "usersync-properties/SYNC_LDAP_BIND_PASSWORD",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-common-configs",
- "depends-on": [
- {
- "configs":[
- "ranger-env/bind_anonymous"
- ],
- "if": "${ranger-env/bind_anonymous}",
- "then": {
- "property_value_attributes": {
- "visible": false
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": true
- }
- }
- }
- ]
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_BASE",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE",
- "subsection-name": "subsection-ranger-user-row2-col1",
- "subsection-tab-name": "ldap-user-configs"
- },
- {
- "config": "ranger-env/ranger-hdfs-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col1",
- "depends-on": [
- {
- "resource": "service",
- "if": "HDFS",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-hive-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col1",
- "depends-on": [
- {
- "resource": "service",
- "if": "HIVE",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-hbase-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col2",
- "depends-on": [
- {
- "resource": "service",
- "if": "HBASE",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-storm-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col2",
- "depends-on": [
- {
- "resource": "service",
- "if": "STORM",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/ranger-knox-plugin-enabled",
- "subsection-name": "section-ranger-plugin-row1-col3",
- "depends-on": [
- {
- "resource": "service",
- "if": "KNOX",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs",
- "subsection-name": "subsection-ranger-hdfs-row1-col1"
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
- "subsection-name": "subsection-ranger-hdfs-row1-col1",
- "depends-on": [
- {
- "configs":[
- "ranger-env/xasecure.audit.destination.hdfs"
- ],
- "if": "${ranger-env/xasecure.audit.destination.hdfs}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "config": "ranger-env/xasecure.audit.destination.db",
- "subsection-name": "subsection-ranger-audit-db-row2-col1"
- },
- {
- "config": "admin-properties/audit_db_user",
- "subsection-name": "subsection-ranger-audit-db-row2-col1"
- },
- {
- "config": "admin-properties/audit_db_name",
- "subsection-name": "subsection-ranger-audit-db-row2-col2"
- },
- {
- "config": "admin-properties/audit_db_password",
- "subsection-name": "subsection-ranger-audit-db-row2-col2"
- }
- ]
- },
- "widgets": [
- {
- "config": "admin-properties/DB_FLAVOR",
- "widget": {
- "type": "combo"
- }
- },
- {
- "config": "admin-properties/db_user",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/db_name",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-admin-site/ranger.jpa.jdbc.url",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/db_host",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/db_password",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "admin-properties/db_root_user",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/db_root_password",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "usersync-properties/SYNC_SOURCE",
- "widget": {
- "type": "combo"
- }
- },
- {
- "config": "usersync-properties/MIN_UNIX_USER_ID_TO_SYNC",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "usersync-properties/SYNC_LDAP_URL",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-env/bind_anonymous",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "usersync-properties/SYNC_LDAP_BIND_DN",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "usersync-properties/SYNC_LDAP_BIND_PASSWORD",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_BASE",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-env/ranger-hdfs-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-hive-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-hbase-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-knox-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/ranger-storm-plugin-enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "ranger-env/xasecure.audit.destination.db",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "admin-properties/audit_db_user",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/audit_db_name",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "admin-properties/audit_db_password",
- "widget": {
- "type": "password"
- }
- }
- ]
- }
-}
-
[03/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py
deleted file mode 100644
index 34d0082..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/status_params.py
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management.libraries.script import Script
-from resource_management.libraries.functions.format import format
-from resource_management.libraries.functions.default import default
-from resource_management.libraries.functions.version import format_stack_version
-from resource_management.libraries.functions.stack_features import check_stack_feature
-from resource_management.libraries.functions import StackFeature
-
-config = Script.get_config()
-tmp_dir = Script.get_tmp_dir()
-
-stack_name = default("/hostLevelParams/stack_name", None)
-stack_version_unformatted = config['hostLevelParams']['stack_version']
-stack_version_formatted = format_stack_version(stack_version_unformatted)
-stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KMS_PID_SUPPORT, stack_version_formatted)
-ranger_kms_pid_dir = default("/configurations/kms-env/ranger_kms_pid_dir", "/var/run/ranger_kms")
-ranger_kms_pid_file = format('{ranger_kms_pid_dir}/rangerkms.pid')
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py
deleted file mode 100644
index 8478bb8..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/scripts/upgrade.py
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-from resource_management.core.resources.system import Execute
-from resource_management.libraries.functions import conf_select
-from resource_management.libraries.functions import stack_select
-from resource_management.libraries.functions.format import format
-
-def prestart(env, stack_component):
- import params
-
- if params.version and params.stack_supports_config_versioning:
- conf_select.select(params.stack_name, stack_component, params.version)
- stack_select.select(stack_component, params.version)
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2 b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2
deleted file mode 100644
index 306fade..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/package/templates/input.config-ranger-kms.json.j2
+++ /dev/null
@@ -1,48 +0,0 @@
-{#
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #}
-{
- "input":[
- {
- "type":"ranger_kms",
- "rowtype":"service",
- "path":"{{default('/configurations/kms-env/kms_log_dir', '/var/log/ranger/kms')}}/kms.log"
- }
- ],
- "filter":[
- {
- "filter":"grok",
- "conditions":{
- "fields":{
- "type":[
- "ranger_kms"
- ]
- }
- },
- "log4j_format":"%d{ISO8601} %-5p %c{1} - %m%n",
- "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})",
- "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
- "post_map_values":{
- "logtime":{
- "map_date":{
- "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS"
- }
- }
- }
- }
- ]
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json
deleted file mode 100644
index 7ddab41..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/role_command_order.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "general_deps" : {
- "_comment" : "dependencies for RANGER-KMS",
- "RANGER_KMS_SERVER-START" : ["RANGER_ADMIN-START", "NAMENODE-START"],
- "RANGER_KMS_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_KMS_SERVER-START"]
- }
-}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py
deleted file mode 100644
index 9c33218..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/service_advisor.py
+++ /dev/null
@@ -1,281 +0,0 @@
-#!/usr/bin/env ambari-python-wrap
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-
-# Python imports
-import imp
-import os
-import traceback
-import re
-import socket
-import fnmatch
-
-
-from resource_management.core.logger import Logger
-
-SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
-STACKS_DIR = os.path.join(SCRIPT_DIR, '../../../stacks/')
-PARENT_FILE = os.path.join(STACKS_DIR, 'service_advisor.py')
-
-try:
- with open(PARENT_FILE, 'rb') as fp:
- service_advisor = imp.load_module('service_advisor', fp, PARENT_FILE, ('.py', 'rb', imp.PY_SOURCE))
-except Exception as e:
- traceback.print_exc()
- print "Failed to load parent"
-
-class RangerKMSServiceAdvisor(service_advisor.ServiceAdvisor):
-
- def __init__(self, *args, **kwargs):
- self.as_super = super(RangerKMSServiceAdvisor, self)
- self.as_super.__init__(*args, **kwargs)
-
- # Always call these methods
- self.modifyMastersWithMultipleInstances()
- self.modifyCardinalitiesDict()
- self.modifyHeapSizeProperties()
- self.modifyNotValuableComponents()
- self.modifyComponentsNotPreferableOnServer()
- self.modifyComponentLayoutSchemes()
-
- def modifyMastersWithMultipleInstances(self):
- """
- Modify the set of masters with multiple instances.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def modifyCardinalitiesDict(self):
- """
- Modify the dictionary of cardinalities.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def modifyHeapSizeProperties(self):
- """
- Modify the dictionary of heap size properties.
- Must be overriden in child class.
- """
- pass
-
- def modifyNotValuableComponents(self):
- """
- Modify the set of components whose host assignment is based on other services.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def modifyComponentsNotPreferableOnServer(self):
- """
- Modify the set of components that are not preferable on the server.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def modifyComponentLayoutSchemes(self):
- """
- Modify layout scheme dictionaries for components.
- The scheme dictionary basically maps the number of hosts to
- host index where component should exist.
- Must be overriden in child class.
- """
- # Nothing to do
- pass
-
- def getServiceComponentLayoutValidations(self, services, hosts):
- """
- Get a list of errors.
- Must be overriden in child class.
- """
-
- return []
-
- def getServiceConfigurationRecommendations(self, configurations, clusterData, services, hosts):
- """
- Entry point.
- Must be overriden in child class.
- """
- #Logger.info("Class: %s, Method: %s. Recommending Service Configurations." %
- # (self.__class__.__name__, inspect.stack()[0][3]))
-
- recommender = RangerKMSRecommender()
- recommender.recommendRangerKMSConfigurationsFromHDP23(configurations, clusterData, services, hosts)
- recommender.recommendRangerKMSConfigurationsFromHDP25(configurations, clusterData, services, hosts)
-
-
-
- def getServiceConfigurationsValidationItems(self, configurations, recommendedDefaults, services, hosts):
- """
- Entry point.
- Validate configurations for the service. Return a list of errors.
- The code for this function should be the same for each Service Advisor.
- """
- #Logger.info("Class: %s, Method: %s. Validating Configurations." %
- # (self.__class__.__name__, inspect.stack()[0][3]))
-
- validator = RangerKMSValidator()
- # Calls the methods of the validator using arguments,
- # method(siteProperties, siteRecommendations, configurations, services, hosts)
- return validator.validateListOfConfigUsingMethod(configurations, recommendedDefaults, services, hosts, validator.validators)
-
-
-
-class RangerKMSRecommender(service_advisor.ServiceAdvisor):
- """
- RangerKMS Recommender suggests properties when adding the service for the first time or modifying configs via the UI.
- """
-
- def __init__(self, *args, **kwargs):
- self.as_super = super(RangerKMSRecommender, self)
- self.as_super.__init__(*args, **kwargs)
-
-
- def recommendRangerKMSConfigurationsFromHDP23(self, configurations, clusterData, services, hosts):
- servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
- putRangerKmsDbksProperty = self.putProperty(configurations, "dbks-site", services)
- putRangerKmsProperty = self.putProperty(configurations, "kms-properties", services)
- kmsEnvProperties = self.getSiteProperties(services['configurations'], 'kms-env')
- putCoreSiteProperty = self.putProperty(configurations, "core-site", services)
- putCoreSitePropertyAttribute = self.putPropertyAttribute(configurations, "core-site")
- putRangerKmsAuditProperty = self.putProperty(configurations, "ranger-kms-audit", services)
- security_enabled = self.isSecurityEnabled(services)
- putRangerKmsSiteProperty = self.putProperty(configurations, "kms-site", services)
- putRangerKmsSitePropertyAttribute = self.putPropertyAttribute(configurations, "kms-site")
-
- if 'kms-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['kms-properties']['properties']):
-
- rangerKmsDbFlavor = services['configurations']["kms-properties"]["properties"]["DB_FLAVOR"]
-
- if ('db_host' in services['configurations']['kms-properties']['properties']) and ('db_name' in services['configurations']['kms-properties']['properties']):
-
- rangerKmsDbHost = services['configurations']["kms-properties"]["properties"]["db_host"]
- rangerKmsDbName = services['configurations']["kms-properties"]["properties"]["db_name"]
-
- ranger_kms_db_url_dict = {
- 'MYSQL': {'ranger.ks.jpa.jdbc.driver': 'com.mysql.jdbc.Driver',
- 'ranger.ks.jpa.jdbc.url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + '/' + rangerKmsDbName},
- 'ORACLE': {'ranger.ks.jpa.jdbc.driver': 'oracle.jdbc.driver.OracleDriver',
- 'ranger.ks.jpa.jdbc.url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost, rangerKmsDbName)},
- 'POSTGRES': {'ranger.ks.jpa.jdbc.driver': 'org.postgresql.Driver',
- 'ranger.ks.jpa.jdbc.url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + '/' + rangerKmsDbName},
- 'MSSQL': {'ranger.ks.jpa.jdbc.driver': 'com.microsoft.sqlserver.jdbc.SQLServerDriver',
- 'ranger.ks.jpa.jdbc.url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + ';databaseName=' + rangerKmsDbName},
- 'SQLA': {'ranger.ks.jpa.jdbc.driver': 'sap.jdbc4.sqlanywhere.IDriver',
- 'ranger.ks.jpa.jdbc.url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerKmsDbFlavor, rangerKmsDbHost) + ';database=' + rangerKmsDbName}
- }
-
- rangerKmsDbProperties = ranger_kms_db_url_dict.get(rangerKmsDbFlavor, ranger_kms_db_url_dict['MYSQL'])
- for key in rangerKmsDbProperties:
- putRangerKmsDbksProperty(key, rangerKmsDbProperties.get(key))
-
- if kmsEnvProperties and self.checkSiteProperties(kmsEnvProperties, 'kms_user') and 'KERBEROS' in servicesList:
- kmsUser = kmsEnvProperties['kms_user']
- kmsUserOld = self.getOldValue(services, 'kms-env', 'kms_user')
- self.put_proxyuser_value(kmsUser, '*', is_groups=True, services=services, configurations=configurations, put_function=putCoreSiteProperty)
- if kmsUserOld is not None and kmsUser != kmsUserOld:
- putCoreSitePropertyAttribute("hadoop.proxyuser.{0}.groups".format(kmsUserOld), 'delete', 'true')
- services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(kmsUserOld)})
- services["forced-configurations"].append({"type" : "core-site", "name" : "hadoop.proxyuser.{0}.groups".format(kmsUser)})
-
- if "HDFS" in servicesList:
- if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
- default_fs = services['configurations']['core-site']['properties']['fs.defaultFS']
- putRangerKmsAuditProperty('xasecure.audit.destination.hdfs.dir', '{0}/{1}/{2}'.format(default_fs,'ranger','audit'))
-
- required_services = [{'service' : 'YARN', 'config-type': 'yarn-env', 'property-name': 'yarn_user', 'proxy-category': ['hosts', 'users', 'groups']},
- {'service' : 'SPARK', 'config-type': 'livy-env', 'property-name': 'livy_user', 'proxy-category': ['hosts', 'users', 'groups']}]
-
- required_services_for_secure = [{'service' : 'HIVE', 'config-type': 'hive-env', 'property-name': 'hive_user', 'proxy-category': ['hosts', 'users']},
- {'service' : 'OOZIE', 'config-type': 'oozie-env', 'property-name': 'oozie_user', 'proxy-category': ['hosts', 'users']}]
-
- if security_enabled:
- required_services.extend(required_services_for_secure)
-
- # recommendations for kms proxy related properties
- self.recommendKMSProxyUsers(configurations, services, hosts, required_services)
-
- ambari_user = self.getAmbariUser(services)
- if security_enabled:
- # adding for ambari user
- putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.users'.format(ambari_user), '*')
- putRangerKmsSiteProperty('hadoop.kms.proxyuser.{0}.hosts'.format(ambari_user), '*')
- # adding for HTTP
- putRangerKmsSiteProperty('hadoop.kms.proxyuser.HTTP.users', '*')
- putRangerKmsSiteProperty('hadoop.kms.proxyuser.HTTP.hosts', '*')
- else:
- self.deleteKMSProxyUsers(configurations, services, hosts, required_services_for_secure)
- # deleting ambari user proxy properties
- putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.hosts'.format(ambari_user), 'delete', 'true')
- putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.{0}.users'.format(ambari_user), 'delete', 'true')
- # deleting HTTP proxy properties
- putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.HTTP.hosts', 'delete', 'true')
- putRangerKmsSitePropertyAttribute('hadoop.kms.proxyuser.HTTP.users', 'delete', 'true')
-
-
- def recommendRangerKMSConfigurationsFromHDP25(self, configurations, clusterData, services, hosts):
-
- security_enabled = self.isSecurityEnabled(services)
- required_services = [{'service' : 'RANGER', 'config-type': 'ranger-env', 'property-name': 'ranger_user', 'proxy-category': ['hosts', 'users', 'groups']}]
-
- if security_enabled:
- # recommendations for kms proxy related properties
- self.recommendKMSProxyUsers(configurations, services, hosts, required_services)
- else:
- self.deleteKMSProxyUsers(configurations, services, hosts, required_services)
-
-
-
- def recommendRangerKMSConfigurations(self, configurations, clusterData, services, hosts):
- putRangerKmsEnvProperty = self.putProperty(configurations, "kms-env", services)
-
- ranger_kms_ssl_enabled = False
- ranger_kms_ssl_port = "9393"
- if 'ranger-kms-site' in services['configurations'] and 'ranger.service.https.attrib.ssl.enabled' in services['configurations']['ranger-kms-site']['properties']:
- ranger_kms_ssl_enabled = services['configurations']['ranger-kms-site']['properties']['ranger.service.https.attrib.ssl.enabled'].lower() == "true"
-
- if 'ranger-kms-site' in services['configurations'] and 'ranger.service.https.port' in services['configurations']['ranger-kms-site']['properties']:
- ranger_kms_ssl_port = services['configurations']['ranger-kms-site']['properties']['ranger.service.https.port']
-
- if ranger_kms_ssl_enabled:
- putRangerKmsEnvProperty("kms_port", ranger_kms_ssl_port)
- else:
- putRangerKmsEnvProperty("kms_port", "9292")
-
-
-
-class RangerKMSValidator(service_advisor.ServiceAdvisor):
- """
- RangerKMS Validator checks the correctness of properties whenever the service is first added or the user attempts to
- change configs via the UI.
- """
-
- def __init__(self, *args, **kwargs):
- self.as_super = super(RangerKMSValidator, self)
- self.as_super.__init__(*args, **kwargs)
-
- self.validators = []
-
-
-
-
-
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json
deleted file mode 100644
index c08a56c..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_1.json
+++ /dev/null
@@ -1,303 +0,0 @@
-{
- "name": "default",
- "description": "Default theme for Ranger KMS service",
- "configuration": {
- "layouts": [
- {
- "name": "default",
- "tabs": [
- {
- "name": "db_settings",
- "display-name": "Settings",
- "layout": {
- "tab-columns": "2",
- "tab-rows": "2",
- "sections": [
- {
- "name": "section-db-settings",
- "display-name": "",
- "row-index": "0",
- "column-index": "0",
- "row-span": "4",
- "column-span": "2",
- "section-columns": "2",
- "section-rows": "4",
- "subsections": [
- {
- "name": "subsection-kms-db-row1-col1",
- "display-name": "Ranger KMS DB",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-kms-db-row1-col2",
- "row-index": "0",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-kms-create-db-user-row2-col",
- "display-name": "Setup Database and Database User",
- "row-index": "1",
- "column-index": "0",
- "row-span": "1",
- "column-span": "2"
- },
- {
- "name": "subsection-kms-db-root-user-row3-col1",
- "display-name": "Ranger KMS Root DB",
- "row-index": "2",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "depends-on": [
- {
- "configs":[
- "kms-env/create_db_user"
- ],
- "if": "${kms-env/create_db_user}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "name": "subsection-kms-db-root-user-row3-col2",
- "row-index": "2",
- "column-index": "1",
- "row-span": "1",
- "column-span": "1",
- "depends-on": [
- {
- "configs":[
- "kms-env/create_db_user"
- ],
- "if": "${kms-env/create_db_user}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- },
- {
- "name": "subsection-kms-master-row4-col",
- "display-name": "KMS Master Secret Password",
- "row-index": "3",
- "column-index": "0",
- "row-span": "1",
- "column-span": "2"
- }
- ]
- }
- ]
- }
- }
- ]
- }
- ],
- "placement": {
- "configuration-layout": "default",
- "configs": [
- {
- "config": "kms-properties/DB_FLAVOR",
- "subsection-name": "subsection-kms-db-row1-col1"
- },
- {
- "config": "kms-properties/db_name",
- "subsection-name": "subsection-kms-db-row1-col1"
- },
- {
- "config": "dbks-site/ranger.ks.jpa.jdbc.url",
- "subsection-name": "subsection-kms-db-row1-col1"
- },
- {
- "config": "kms-properties/db_user",
- "subsection-name": "subsection-kms-db-row1-col1"
- },
- {
- "config": "kms-properties/db_host",
- "subsection-name": "subsection-kms-db-row1-col2"
- },
- {
- "config": "kms-properties/SQL_CONNECTOR_JAR",
- "subsection-name": "subsection-kms-db-row1-col2",
- "depends-on" : [
- {
- "configs":[
- "kms-properties/DB_FLAVOR"
- ],
- "if": "${kms-properties/DB_FLAVOR} === SQLA",
- "then": {
- "property_value_attributes": {
- "visible": false
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": true
- }
- }
- }
- ]
- },
- {
- "config": "dbks-site/ranger.ks.jpa.jdbc.driver",
- "subsection-name": "subsection-kms-db-row1-col2"
- },
- {
- "config": "kms-properties/db_password",
- "subsection-name": "subsection-kms-db-row1-col2"
- },
- {
- "config": "kms-properties/db_root_user",
- "subsection-name": "subsection-kms-db-root-user-row3-col1"
- },
- {
- "config": "kms-properties/db_root_password",
- "subsection-name": "subsection-kms-db-root-user-row3-col2"
- },
- {
- "config": "kms-properties/KMS_MASTER_KEY_PASSWD",
- "subsection-name": "subsection-kms-master-row4-col"
- },
- {
- "config" : "kms-env/create_db_user",
- "subsection-name": "subsection-kms-create-db-user-row2-col"
- },
- {
- "config": "kms-env/test_db_kms_connection",
- "subsection-name": "subsection-kms-create-db-user-row2-col",
- "property_value_attributes": {
- "ui_only_property": true
- },
- "depends-on": [
- {
- "configs":[
- "kms-env/create_db_user"
- ],
- "if": "${kms-env/create_db_user}",
- "then": {
- "property_value_attributes": {
- "visible": false
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": true
- }
- }
- }
- ]
- }
- ]
- },
- "widgets": [
- {
- "config": "kms-properties/DB_FLAVOR",
- "widget": {
- "type": "combo"
- }
- },
- {
- "config": "kms-properties/db_user",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "kms-properties/db_name",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "kms-properties/SQL_CONNECTOR_JAR",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "kms-properties/db_root_user",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "kms-properties/db_host",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "kms-properties/db_password",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "kms-properties/db_root_password",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "kms-properties/KMS_MASTER_KEY_PASSWD",
- "widget": {
- "type": "password"
- }
- },
- {
- "config": "kms-env/create_db_user",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "kms-env/test_db_kms_connection",
- "widget": {
- "type": "test-db-connection",
- "display-name": "Test Connection",
- "required-properties": {
- "jdbc.driver.class": "dbks-site/ranger.ks.jpa.jdbc.driver",
- "jdbc.driver.url": "dbks-site/ranger.ks.jpa.jdbc.url",
- "db.connection.source.host": "ranger_kms-site/ranger_kms_server_hosts",
- "db.type": "kms-properties/DB_FLAVOR",
- "db.connection.destination.host": "kms-properties/db_host",
- "db.connection.user": "kms-properties/db_user",
- "db.connection.password": "kms-properties/db_password"
- }
- }
- },
- {
- "config": "dbks-site/ranger.ks.jpa.jdbc.driver",
- "widget" : {
- "type": "text-field"
- }
- },
- {
- "config": "dbks-site/ranger.ks.jpa.jdbc.url",
- "widget": {
- "type": "text-field"
- }
- }
- ]
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json
deleted file mode 100644
index be50dad..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/themes/theme_version_2.json
+++ /dev/null
@@ -1,124 +0,0 @@
-{
- "configuration": {
- "layouts": [
- {
- "name": "default",
- "tabs": [
- {
- "name": "kms_hsm",
- "display-name": "KMS HSM",
- "layout": {
- "tab-columns": "1",
- "tab-rows": "1",
- "sections": [
- {
- "name": "section-kms-hms",
- "display-name": "",
- "row-index": "0",
- "column-index": "0",
- "row-span": "2",
- "column-span": "1",
- "section-columns": "1",
- "section-rows": "2",
- "subsections": [
- {
- "name": "subsection-kms-hsm-row1-col1",
- "display-name": "Ranger KMS HSM Enabled",
- "row-index": "0",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1"
- },
- {
- "name": "subsection-kms-hsm-row2-col1",
- "display-name": "Configuration Settings",
- "row-index": "1",
- "column-index": "0",
- "row-span": "1",
- "column-span": "1",
- "depends-on": [
- {
- "configs": [
- "dbks-site/ranger.ks.hsm.enabled"
- ],
- "if": "${dbks-site/ranger.ks.hsm.enabled}",
- "then": {
- "property_value_attributes": {
- "visible": true
- }
- },
- "else": {
- "property_value_attributes": {
- "visible": false
- }
- }
- }
- ]
- }
- ]
- }
- ]
- }
- }
- ]
- }
- ],
- "placement": {
- "configuration-layout": "default",
- "configs": [
- {
- "config": "dbks-site/ranger.ks.hsm.enabled",
- "subsection-name": "subsection-kms-hsm-row1-col1"
- },
- {
- "config": "dbks-site/ranger.ks.hsm.type",
- "subsection-name": "subsection-kms-hsm-row2-col1"
- },
- {
- "config": "dbks-site/ranger.ks.hsm.partition.name",
- "subsection-name": "subsection-kms-hsm-row2-col1"
- },
- {
- "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
- "subsection-name": "subsection-kms-hsm-row2-col1"
- },
- {
- "config": "kms-env/hsm_partition_password",
- "subsection-name": "subsection-kms-hsm-row2-col1"
- }
- ]
- },
- "widgets": [
- {
- "config": "dbks-site/ranger.ks.hsm.enabled",
- "widget": {
- "type": "toggle"
- }
- },
- {
- "config": "dbks-site/ranger.ks.hsm.type",
- "widget": {
- "type": "combo"
- }
- },
- {
- "config": "dbks-site/ranger.ks.hsm.partition.name",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
- "widget": {
- "type": "text-field"
- }
- },
- {
- "config": "kms-env/hsm_partition_password",
- "widget": {
- "type": "password"
- }
- }
- ]
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/alerts.json
new file mode 100644
index 0000000..05c3fe6
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/alerts.json
@@ -0,0 +1,32 @@
+{
+ "RANGER_KMS": {
+ "service": [],
+ "RANGER_KMS_SERVER": [
+ {
+ "name": "ranger_kms_server_process",
+ "label": "Ranger KMS Server Process",
+ "description": "This host-level alert is triggered if the Ranger KMS Server cannot be determined to be up.",
+ "interval": 1,
+ "scope": "HOST",
+ "source": {
+ "type": "PORT",
+ "uri": "{{kms-env/kms_port}}",
+ "default_port": 9292,
+ "reporting": {
+ "ok": {
+ "text": "TCP OK - {0:.3f}s response on port {1}"
+ },
+ "warning": {
+ "text": "TCP OK - {0:.3f}s response on port {1}",
+ "value": 1.5
+ },
+ "critical": {
+ "text": "Connection failed: {0} to {1}:{2}",
+ "value": 5.0
+ }
+ }
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/dbks-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/dbks-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/dbks-site.xml
new file mode 100644
index 0000000..4ac20b3
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/dbks-site.xml
@@ -0,0 +1,206 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
+ <value>hdfs</value>
+ <description>Blacklist for decrypt EncryptedKey CryptoExtension operations</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.db.encrypt.key.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>Password used for encrypting Master Key</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.url</name>
+ <display-name>JDBC connect string</display-name>
+ <value>jdbc:mysql://localhost</value>
+ <description>URL for Database</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>kms-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ <property>
+ <type>kms-properties</type>
+ <name>db_host</name>
+ </property>
+ <property>
+ <type>kms-properties</type>
+ <name>db_name</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.user</name>
+ <value>{{db_user}}</value>
+ <description>Database username used for operation</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>Database user's password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.credential.provider.path</name>
+ <value>/etc/ranger/kms/rangerkms.jceks</value>
+ <description>Credential provider path</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.credential.alias</name>
+ <value>ranger.ks.jdbc.password</value>
+ <description>Credential alias used for password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.masterkey.credential.alias</name>
+ <value>ranger.ks.masterkey.password</value>
+ <description>Credential alias used for masterkey</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.dialect</name>
+ <value>{{jdbc_dialect}}</value>
+ <description>Dialect used for database</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jpa.jdbc.driver</name>
+ <display-name>Driver class name for a JDBC Ranger KMS database</display-name>
+ <value>com.mysql.jdbc.Driver</value>
+ <description>Driver used for database</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>kms-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.jdbc.sqlconnectorjar</name>
+ <value>{{ews_lib_jar_path}}</value>
+ <description>Driver used for database</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.type</name>
+ <display-name>HSM Type</display-name>
+ <value>LunaProvider</value>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>LunaProvider</value>
+ <label>Luna Provider</label>
+ </entry>
+ </entries>
+ </value-attributes>
+ <description>HSM type</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.enabled</name>
+ <display-name>HSM Enabled</display-name>
+ <value>false</value>
+ <description>Enable HSM ?</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.partition.name</name>
+ <display-name>HSM partition name. In case of HSM HA enter the group name</display-name>
+ <value>par19</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.partition.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>HSM partition password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.hsm.partition.password.alias</name>
+ <display-name>HSM partition password alias</display-name>
+ <value>ranger.kms.hsm.partition.password</value>
+ <description>HSM partition password alias</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.kerberos.principal</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ks.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-env.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-env.xml
new file mode 100644
index 0000000..acecdfe
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-env.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="true">
+ <property>
+ <name>kms_user</name>
+ <display-name>Kms User</display-name>
+ <value>kms</value>
+ <property-type>USER</property-type>
+ <description>Kms username</description>
+ <value-attributes>
+ <type>user</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>kms_group</name>
+ <display-name>Kms group</display-name>
+ <value>kms</value>
+ <property-type>GROUP</property-type>
+ <description>Kms group</description>
+ <value-attributes>
+ <type>user</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>kms_log_dir</name>
+ <value>/var/log/ranger/kms</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>kms_port</name>
+ <value>9292</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ <depends-on>
+ <property>
+ <type>ranger-kms-site</type>
+ <name>ranger.service.https.port</name>
+ </property>
+ <property>
+ <type>ranger-kms-site</type>
+ <name>ranger.service.https.attrib.ssl.enabled</name>
+ </property>
+ </depends-on>
+ </property>
+ <property>
+ <name>create_db_user</name>
+ <display-name>Setup Database and Database User</display-name>
+ <value>true</value>
+ <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hsm_partition_password</name>
+ <display-name>HSM partition password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>HSM partition password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_kms_pid_dir</name>
+ <value>/var/run/ranger_kms</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-log4j.xml
new file mode 100644
index 0000000..daae579
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-log4j.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_kms_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger-kms Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_kms_log_maxbackupindex</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger-kms Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_kms_audit_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger-kms Audit Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_kms_audit_log_maxbackupindex</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger-kms Audit Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>kms-log4j template</display-name>
+ <description>kms-log4j.properties</description>
+ <value>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License. See accompanying LICENSE file.
+#
+
+# If the Java System property 'kms.log.dir' is not defined at KMS start up time
+# Setup sets its value to '${kms.home}/logs'
+
+log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.kms.DatePattern='.'yyyy-MM-dd
+log4j.appender.kms.File=${kms.log.dir}/kms.log
+log4j.appender.kms.Append=true
+log4j.appender.kms.layout=org.apache.log4j.PatternLayout
+log4j.appender.kms.layout.ConversionPattern=%d{ISO8601} %-5p %c{1} - %m%n
+log4j.appender.kms.MaxFileSize = {{ranger_kms_log_maxfilesize}}MB
+log4j.appender.kms.MaxBackupIndex = {{ranger_kms_log_maxbackupindex}}
+
+log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.kms-audit.DatePattern='.'yyyy-MM-dd
+log4j.appender.kms-audit.File=${kms.log.dir}/kms-audit.log
+log4j.appender.kms-audit.Append=true
+log4j.appender.kms-audit.layout=org.apache.log4j.PatternLayout
+log4j.appender.kms-audit.layout.ConversionPattern=%d{ISO8601} %m%n
+log4j.appender.kms-audit.MaxFileSize = {{ranger_kms_audit_log_maxfilesize}}MB
+log4j.appender.kms-audit.MaxBackupIndex = {{ranger_kms_audit_log_maxbackupindex}}
+
+log4j.logger.kms-audit=INFO, kms-audit
+log4j.additivity.kms-audit=false
+
+log4j.logger=INFO, kms
+log4j.additivity.kms=false
+log4j.rootLogger=INFO, kms
+log4j.logger.org.apache.hadoop.conf=ERROR
+log4j.logger.org.apache.hadoop=INFO
+log4j.logger.com.sun.jersey.server.wadl.generators.WadlGeneratorJAXBGrammarGenerator=OFF
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-properties.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-properties.xml
new file mode 100644
index 0000000..d2d4da5
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-properties.xml
@@ -0,0 +1,166 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>REPOSITORY_CONFIG_USERNAME</name>
+ <display-name>Repository config username</display-name>
+ <value>keyadmin</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>REPOSITORY_CONFIG_PASSWORD</name>
+ <display-name>Repository config password</display-name>
+ <value>keyadmin</value>
+ <property-type>PASSWORD</property-type>
+ <description/>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>DB_FLAVOR</name>
+ <display-name>DB FLAVOR</display-name>
+ <value>MYSQL</value>
+ <description>The database type to be used</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>MYSQL</value>
+ <label>MYSQL</label>
+ </entry>
+ <entry>
+ <value>ORACLE</value>
+ <label>ORACLE</label>
+ </entry>
+ <entry>
+ <value>POSTGRES</value>
+ <label>POSTGRES</label>
+ </entry>
+ <entry>
+ <value>MSSQL</value>
+ <label>MSSQL</label>
+ </entry>
+ <entry>
+ <value>SQLA</value>
+ <label>SQL Anywhere</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>SQL_CONNECTOR_JAR</name>
+ <display-name>SQL connector jar</display-name>
+ <value>{{driver_curl_target}}</value>
+ <description>Location of DB client library (please check the location of the jar file)</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>kms-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false" update="false"/>
+ </property>
+ <property>
+ <name>db_root_user</name>
+ <display-name>Database Administrator (DBA) username</display-name>
+ <value>root</value>
+ <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_root_password</name>
+ <display-name>Database Administrator (DBA) password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <description>Database password for the database admin username</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_host</name>
+ <display-name>Ranger KMS DB host</display-name>
+ <value/>
+ <description>Database host</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_name</name>
+ <display-name>Ranger KMS DB name</display-name>
+ <value>rangerkms</value>
+ <description>Database name</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_user</name>
+ <display-name>Ranger KMS DB username</display-name>
+ <value>rangerkms</value>
+ <description>Database username used for the Ranger KMS schema</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>db_password</name>
+ <display-name>Ranger KMS DB password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <description>Database password for the Ranger KMS schema</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>KMS_MASTER_KEY_PASSWD</name>
+ <display-name>KMS master key password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <description/>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-site.xml
new file mode 100644
index 0000000..1e6f7b5
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/kms-site.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>hadoop.kms.key.provider.uri</name>
+ <value>dbks://http@localhost:9292/kms</value>
+ <description>URI of the backing KeyProvider for the KMS.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.security.keystore.JavaKeyStoreProvider.password</name>
+ <value>none</value>
+ <description>If using the JavaKeyStoreProvider, the password for the keystore file.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.cache.enable</name>
+ <value>true</value>
+ <description>Whether the KMS will act as a cache for the backing KeyProvider. When the cache is enabled, operations like getKeyVersion, getMetadata, and getCurrentKey will sometimes return cached data without consulting the backing KeyProvider. Cached values are flushed when keys are deleted or modified.
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.cache.timeout.ms</name>
+ <value>600000</value>
+ <description>Expiry time for the KMS key version and key metadata cache, in milliseconds. This affects getKeyVersion and getMetadata.
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.current.key.cache.timeout.ms</name>
+ <value>30000</value>
+ <description>Expiry time for the KMS current key cache, in milliseconds. This affects getCurrentKey operations.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.audit.aggregation.window.ms</name>
+ <value>10000</value>
+ <description>Duplicate audit log events within the aggregation window (specified in ms) are quashed to reduce log traffic. A single message for aggregated events is printed at the end of the window, along with a count of the number of aggregated events.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.type</name>
+ <value>simple</value>
+ <description>Authentication type for the KMS. Can be either "simple" or "kerberos".
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.kerberos.keytab</name>
+ <value>${user.home}/kms.keytab</value>
+ <description>Path to the keytab with credentials for the configured Kerberos principal.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.kerberos.principal</name>
+ <value>HTTP/localhost</value>
+ <description>The Kerberos principal to use for the HTTP endpoint. The principal must start with 'HTTP/' as per the Kerberos HTTP SPNEGO specification.</description>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.kerberos.name.rules</name>
+ <value>DEFAULT</value>
+ <description>Rules used to resolve Kerberos principal names.</description>
+ <value-attributes>
+ <type>multiLine</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider</name>
+ <value>random</value>
+ <description>Indicates how the secret to sign the authentication cookies will be stored. Options are 'random' (default), 'string' and 'zookeeper'. If using a setup with multiple KMS instances, 'zookeeper' should be used.
+ </description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.path</name>
+ <value>/hadoop-kms/hadoop-auth-signature-secret</value>
+ <description>The Zookeeper ZNode path where the KMS instances will store and retrieve the secret from.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.connection.string</name>
+ <value>#HOSTNAME#:#PORT#,...</value>
+ <description>The Zookeeper connection string, a list of hostnames and port comma separated.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type</name>
+ <value>kerberos</value>
+ <description>The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab</name>
+ <value>/etc/hadoop/conf/kms.keytab</value>
+ <description>The absolute path for the Kerberos keytab with the credentials to connect to Zookeeper.</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal</name>
+ <value>kms/#HOSTNAME#</value>
+ <description>The Kerberos service principal used to connect to Zookeeper.</description>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>hadoop.kms.security.authorization.manager</name>
+ <value>org.apache.ranger.authorization.kms.authorizer.RangerKmsAuthorizer</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-audit.xml
new file mode 100644
index 0000000..518120c
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-audit.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ <description>Is Audit enabled?</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>true</value>
+ <display-name>Audit to HDFS</display-name>
+ <description>Is Audit to HDFS enabled?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value>
+ <description>HDFS folder to write audit to, make sure the service user has requried permissions</description>
+ <depends-on>
+ <property>
+ <type>core-site</type>
+ <name>fs.defaultFS</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
+ <value>/var/log/ranger/kms/audit/hdfs/spool</value>
+ <description>/var/log/ranger/kms/audit/hdfs/spool</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr</name>
+ <value>true</value>
+ <display-name>Audit to SOLR</display-name>
+ <description>Is Solr audit enabled?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr.batch.filespool.dir</name>
+ <value>/var/log/ranger/kms/audit/solr/spool</value>
+ <description>/var/log/ranger/kms/audit/solr/spool</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.provider.summary.enabled</name>
+ <value>false</value>
+ <display-name>Audit provider summary enabled</display-name>
+ <description>Enable Summary audit?</description>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr.urls</name>
+ <value>{{ranger_audit_solr_urls}}</value>
+ <description>Solr URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.urls</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr.zookeepers</name>
+ <value>none</value>
+ <description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>ranger-admin-site</type>
+ <name>ranger.audit.solr.zookeepers</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.ambari.cluster.name</name>
+ <value>{{cluster_name}}</value>
+ <description>Capture cluster name from where Ranger kms plugin is enabled.</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
new file mode 100644
index 0000000..a89a1a7
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-policymgr-ssl.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>password for keystore</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>java truststore password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file{{credential_file}}</value>
+ <description>java keystore credential file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file{{credential_file}}</value>
+ <description>java truststore credential file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/security/serverKeys/ranger-plugin-keystore.jks</value>
+ <description>Java Keystore files</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/security/serverKeys/ranger-plugin-truststore.jks</value>
+ <description>java truststore file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-security.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-security.xml
new file mode 100644
index 0000000..13adcb4
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-security.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>ranger.plugin.kms.service.name</name>
+ <value>{{repo_name}}</value>
+ <description>Name of the Ranger service containing policies for this kms instance</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>Class to retrieve policies from the source</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.rest.url</name>
+ <value>{{policymgr_mgr_url}}</value>
+ <description>URL to Ranger Admin</description>
+ <on-ambari-upgrade add="false"/>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>policymgr_external_url</name>
+ </property>
+ </depends-on>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.rest.ssl.config.file</name>
+ <value>/etc/ranger/kms/conf/ranger-policymgr-ssl.xml</value>
+ <description>Path to the file containing SSL details to contact Ranger Admin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>How often to poll for changes in policies?</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.plugin.kms.policy.cache.dir</name>
+ <value>/etc/ranger/{{repo_name}}/policycache</value>
+ <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-site.xml
new file mode 100644
index 0000000..8d0a351
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/configuration/ranger-kms-site.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>ranger.service.host</name>
+ <value>{{kms_host}}</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.http.port</name>
+ <value>{{kms_port}}</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.port</name>
+ <value>9393</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.shutdown.port</name>
+ <value>7085</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.contextName</name>
+ <value>/kms</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xa.webapp.dir</name>
+ <value>./webapp</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.ssl.enabled</name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.file</name>
+ <value>/etc/security/serverKeys/ranger-kms-keystore.jks</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.client.auth</name>
+ <value>want</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.keyalias</name>
+ <value>rangerkms</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.pass</name>
+ <value>rangerkms</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.credential.provider.path</name>
+ <value>/etc/ranger/kms/rangerkms.jceks</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.credential.alias</name>
+ <value>keyStoreCredentialAlias</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ </property>
+ <property>
+ <name>ajp.enabled</name>
+ <value>false</value>
+ <on-ambari-upgrade add="false"/>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
new file mode 100644
index 0000000..a54783e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/1.0.0.3.0/kerberos.json
@@ -0,0 +1,84 @@
+{
+ "services": [
+ {
+ "name": "RANGER_KMS",
+ "identities": [
+ {
+ "name": "/spnego",
+ "keytab": {
+ "configuration": "kms-site/hadoop.kms.authentication.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/smokeuser"
+ }
+ ],
+ "auth_to_local_properties" : [
+ "kms-site/hadoop.kms.authentication.kerberos.name.rules"
+ ],
+ "configurations": [
+ {
+ "kms-site": {
+ "hadoop.kms.authentication.type": "kerberos",
+ "hadoop.kms.authentication.kerberos.principal": "*"
+ }
+ },
+ {
+ "ranger-kms-audit": {
+ "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+ "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+ "xasecure.audit.jaas.Client.option.storeKey": "false",
+ "xasecure.audit.jaas.Client.option.serviceName": "solr",
+ "xasecure.audit.destination.solr.force.use.inmemory.jaas.config": "true"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "RANGER_KMS_SERVER",
+ "identities": [
+ {
+ "name": "/spnego",
+ "principal": {
+ "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal"
+ },
+ "keytab": {
+ "configuration": "kms-site/hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/smokeuser"
+ },
+ {
+ "name": "rangerkms",
+ "principal": {
+ "value": "rangerkms/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "dbks-site/ranger.ks.kerberos.principal",
+ "local_username" : "keyadmin"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangerkms.service.keytab",
+ "owner": {
+ "name": "${kms-env/kms_user}",
+ "access": "r"
+ },
+ "configuration": "dbks-site/ranger.ks.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/RANGER_KMS/RANGER_KMS_SERVER/rangerkms",
+ "principal": {
+ "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.principal"
+ },
+ "keytab": {
+ "configuration": "ranger-kms-audit/xasecure.audit.jaas.Client.option.keyTab"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
[17/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
AMBARI-21058 HDP 3.0 - Changing common service version for Ranger & Ranger Kms (mugdha)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3dc51b0c
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3dc51b0c
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3dc51b0c
Branch: refs/heads/trunk
Commit: 3dc51b0c93bf13089dddd0f0f937b44d84f5017a
Parents: 19d4200
Author: Mugdha Varadkar <mu...@apache.org>
Authored: Tue Jun 27 15:52:53 2017 +0530
Committer: Mugdha Varadkar <mu...@apache.org>
Committed: Thu Jul 6 09:48:45 2017 +0530
----------------------------------------------------------------------
.../HDFS/3.0.0.3.0/service_advisor.py | 53 +
.../RANGER/0.7.0.3.0/alerts.json | 76 -
.../0.7.0.3.0/configuration/admin-log4j.xml | 132 --
.../configuration/admin-properties.xml | 163 --
.../configuration/atlas-tagsync-ssl.xml | 72 -
.../configuration/ranger-admin-site.xml | 785 --------
.../0.7.0.3.0/configuration/ranger-env.xml | 513 -----
.../0.7.0.3.0/configuration/ranger-site.xml | 30 -
.../configuration/ranger-solr-configuration.xml | 59 -
.../ranger-tagsync-policymgr-ssl.xml | 72 -
.../configuration/ranger-tagsync-site.xml | 206 --
.../configuration/ranger-ugsync-site.xml | 577 ------
.../tagsync-application-properties.xml | 62 -
.../0.7.0.3.0/configuration/tagsync-log4j.xml | 90 -
.../0.7.0.3.0/configuration/usersync-log4j.xml | 89 -
.../configuration/usersync-properties.xml | 32 -
.../RANGER/0.7.0.3.0/kerberos.json | 153 --
.../RANGER/0.7.0.3.0/metainfo.xml | 189 --
.../alerts/alert_ranger_admin_passwd_check.py | 195 --
.../RANGER/0.7.0.3.0/package/scripts/params.py | 448 -----
.../0.7.0.3.0/package/scripts/ranger_admin.py | 217 --
.../0.7.0.3.0/package/scripts/ranger_service.py | 69 -
.../0.7.0.3.0/package/scripts/ranger_tagsync.py | 139 --
.../package/scripts/ranger_usersync.py | 124 --
.../0.7.0.3.0/package/scripts/service_check.py | 49 -
.../0.7.0.3.0/package/scripts/setup_ranger.py | 153 --
.../package/scripts/setup_ranger_xml.py | 853 --------
.../0.7.0.3.0/package/scripts/status_params.py | 39 -
.../RANGER/0.7.0.3.0/package/scripts/upgrade.py | 31 -
.../templates/input.config-ranger.json.j2 | 79 -
.../package/templates/ranger_admin_pam.j2 | 22 -
.../package/templates/ranger_remote_pam.j2 | 22 -
.../package/templates/ranger_solr_jaas_conf.j2 | 26 -
.../properties/ranger-solrconfig.xml.j2 | 1874 ------------------
.../RANGER/0.7.0.3.0/quicklinks/quicklinks.json | 41 -
.../RANGER/0.7.0.3.0/role_command_order.json | 9 -
.../RANGER/0.7.0.3.0/service_advisor.py | 793 --------
.../0.7.0.3.0/themes/theme_version_1.json | 722 -------
.../0.7.0.3.0/themes/theme_version_2.json | 1470 --------------
.../0.7.0.3.0/themes/theme_version_3.json | 692 -------
.../0.7.0.3.0/themes/theme_version_5.json | 48 -
.../RANGER/1.0.0.3.0/alerts.json | 76 +
.../1.0.0.3.0/configuration/admin-log4j.xml | 132 ++
.../configuration/admin-properties.xml | 161 ++
.../configuration/atlas-tagsync-ssl.xml | 72 +
.../configuration/ranger-admin-site.xml | 751 +++++++
.../1.0.0.3.0/configuration/ranger-env.xml | 503 +++++
.../configuration/ranger-solr-configuration.xml | 59 +
.../ranger-tagsync-policymgr-ssl.xml | 72 +
.../configuration/ranger-tagsync-site.xml | 201 ++
.../configuration/ranger-ugsync-site.xml | 571 ++++++
.../tagsync-application-properties.xml | 62 +
.../1.0.0.3.0/configuration/tagsync-log4j.xml | 90 +
.../1.0.0.3.0/configuration/usersync-log4j.xml | 89 +
.../RANGER/1.0.0.3.0/kerberos.json | 153 ++
.../RANGER/1.0.0.3.0/metainfo.xml | 177 ++
.../alerts/alert_ranger_admin_passwd_check.py | 195 ++
.../RANGER/1.0.0.3.0/package/scripts/params.py | 449 +++++
.../1.0.0.3.0/package/scripts/ranger_admin.py | 210 ++
.../1.0.0.3.0/package/scripts/ranger_service.py | 69 +
.../1.0.0.3.0/package/scripts/ranger_tagsync.py | 139 ++
.../package/scripts/ranger_usersync.py | 120 ++
.../1.0.0.3.0/package/scripts/service_check.py | 49 +
.../package/scripts/setup_ranger_xml.py | 853 ++++++++
.../1.0.0.3.0/package/scripts/status_params.py | 39 +
.../RANGER/1.0.0.3.0/package/scripts/upgrade.py | 31 +
.../templates/input.config-ranger.json.j2 | 79 +
.../package/templates/ranger_admin_pam.j2 | 22 +
.../package/templates/ranger_remote_pam.j2 | 22 +
.../package/templates/ranger_solr_jaas_conf.j2 | 26 +
.../properties/ranger-solrconfig.xml.j2 | 1874 ++++++++++++++++++
.../RANGER/1.0.0.3.0/quicklinks/quicklinks.json | 41 +
.../RANGER/1.0.0.3.0/role_command_order.json | 9 +
.../RANGER/1.0.0.3.0/service_advisor.py | 774 ++++++++
.../1.0.0.3.0/themes/theme_version_1.json | 1821 +++++++++++++++++
.../RANGER_KMS/0.5.0.3.0/alerts.json | 32 -
.../0.5.0.3.0/configuration/dbks-site.xml | 206 --
.../0.5.0.3.0/configuration/kms-env.xml | 116 --
.../0.5.0.3.0/configuration/kms-log4j.xml | 120 --
.../0.5.0.3.0/configuration/kms-properties.xml | 166 --
.../0.5.0.3.0/configuration/kms-site.xml | 133 --
.../configuration/ranger-kms-audit.xml | 124 --
.../configuration/ranger-kms-policymgr-ssl.xml | 68 -
.../configuration/ranger-kms-security.xml | 64 -
.../0.5.0.3.0/configuration/ranger-kms-site.xml | 104 -
.../RANGER_KMS/0.5.0.3.0/kerberos.json | 84 -
.../RANGER_KMS/0.5.0.3.0/metainfo.xml | 115 --
.../RANGER_KMS/0.5.0.3.0/package/scripts/kms.py | 677 -------
.../0.5.0.3.0/package/scripts/kms_server.py | 117 --
.../0.5.0.3.0/package/scripts/kms_service.py | 58 -
.../0.5.0.3.0/package/scripts/params.py | 331 ----
.../0.5.0.3.0/package/scripts/service_check.py | 41 -
.../0.5.0.3.0/package/scripts/status_params.py | 36 -
.../0.5.0.3.0/package/scripts/upgrade.py | 30 -
.../templates/input.config-ranger-kms.json.j2 | 48 -
.../0.5.0.3.0/role_command_order.json | 7 -
.../RANGER_KMS/0.5.0.3.0/service_advisor.py | 281 ---
.../0.5.0.3.0/themes/theme_version_1.json | 303 ---
.../0.5.0.3.0/themes/theme_version_2.json | 124 --
.../RANGER_KMS/1.0.0.3.0/alerts.json | 32 +
.../1.0.0.3.0/configuration/dbks-site.xml | 206 ++
.../1.0.0.3.0/configuration/kms-env.xml | 115 ++
.../1.0.0.3.0/configuration/kms-log4j.xml | 120 ++
.../1.0.0.3.0/configuration/kms-properties.xml | 166 ++
.../1.0.0.3.0/configuration/kms-site.xml | 133 ++
.../configuration/ranger-kms-audit.xml | 118 ++
.../configuration/ranger-kms-policymgr-ssl.xml | 68 +
.../configuration/ranger-kms-security.xml | 64 +
.../1.0.0.3.0/configuration/ranger-kms-site.xml | 110 +
.../RANGER_KMS/1.0.0.3.0/kerberos.json | 84 +
.../RANGER_KMS/1.0.0.3.0/metainfo.xml | 111 ++
.../RANGER_KMS/1.0.0.3.0/package/scripts/kms.py | 675 +++++++
.../1.0.0.3.0/package/scripts/kms_server.py | 117 ++
.../1.0.0.3.0/package/scripts/kms_service.py | 58 +
.../1.0.0.3.0/package/scripts/params.py | 331 ++++
.../1.0.0.3.0/package/scripts/service_check.py | 41 +
.../1.0.0.3.0/package/scripts/status_params.py | 36 +
.../1.0.0.3.0/package/scripts/upgrade.py | 30 +
.../templates/input.config-ranger-kms.json.j2 | 48 +
.../1.0.0.3.0/role_command_order.json | 7 +
.../RANGER_KMS/1.0.0.3.0/service_advisor.py | 358 ++++
.../1.0.0.3.0/themes/theme_version_1.json | 409 ++++
.../stacks/HDP/3.0/services/RANGER/metainfo.xml | 4 +-
.../HDP/3.0/services/RANGER_KMS/metainfo.xml | 4 +-
124 files changed, 13485 insertions(+), 14804 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py
index 356ad59..e135275 100644
--- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py
+++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py
@@ -138,6 +138,7 @@ class HDFSServiceAdvisor(service_advisor.ServiceAdvisor):
# Due to the existing stack inheritance, make it clear where each calculation came from.
recommender = HDFSRecommender()
recommender.recommendConfigurationsFromHDP206(configurations, clusterData, services, hosts)
+ recommender.recommendConfigurationsFromHDP22(configurations, clusterData, services, hosts)
recommender.recommendConfigurationsFromHDP23(configurations, clusterData, services, hosts)
recommender.recommendConfigurationsFromHDP26(configurations, clusterData, services, hosts)
@@ -253,6 +254,58 @@ class HDFSRecommender(service_advisor.ServiceAdvisor):
# recommendations for "hadoop.proxyuser.*.hosts", "hadoop.proxyuser.*.groups" properties in core-site
self.recommendHadoopProxyUsers(configurations, services, hosts)
+ def recommendConfigurationsFromHDP22(self, configurations, clusterData, services, hosts):
+ """
+ Recommend configurations for this service based on HDP 2.2
+ """
+ putHdfsSiteProperty = self.putProperty(configurations, "hdfs-site", services)
+ putCoreSiteProperty = self.putProperty(configurations, "core-site", services)
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+
+ keyserverHostsString = None
+ keyserverPortString = None
+ if "hadoop-env" in services["configurations"] and "keyserver_host" in services["configurations"]["hadoop-env"]["properties"] and "keyserver_port" in services["configurations"]["hadoop-env"]["properties"]:
+ keyserverHostsString = services["configurations"]["hadoop-env"]["properties"]["keyserver_host"]
+ keyserverPortString = services["configurations"]["hadoop-env"]["properties"]["keyserver_port"]
+
+ # Irrespective of what hadoop-env has, if Ranger-KMS is installed, we use its values.
+ rangerKMSServerHosts = self.getHostsWithComponent("RANGER_KMS", "RANGER_KMS_SERVER", services, hosts)
+ if rangerKMSServerHosts is not None and len(rangerKMSServerHosts) > 0:
+ rangerKMSServerHostsArray = []
+ for rangeKMSServerHost in rangerKMSServerHosts:
+ rangerKMSServerHostsArray.append(rangeKMSServerHost["Hosts"]["host_name"])
+ keyserverHostsString = ";".join(rangerKMSServerHostsArray)
+ if "kms-env" in services["configurations"] and "kms_port" in services["configurations"]["kms-env"]["properties"]:
+ keyserverPortString = services["configurations"]["kms-env"]["properties"]["kms_port"]
+
+ if keyserverHostsString is not None and len(keyserverHostsString.strip()) > 0:
+ urlScheme = "http"
+ if "ranger-kms-site" in services["configurations"] and \
+ "ranger.service.https.attrib.ssl.enabled" in services["configurations"]["ranger-kms-site"]["properties"] and \
+ services["configurations"]["ranger-kms-site"]["properties"]["ranger.service.https.attrib.ssl.enabled"].lower() == "true":
+ urlScheme = "https"
+
+ if keyserverPortString is None or len(keyserverPortString.strip()) < 1:
+ keyserverPortString = ":9292"
+ else:
+ keyserverPortString = ":" + keyserverPortString.strip()
+
+ kmsPath = "kms://" + urlScheme + "@" + keyserverHostsString.strip() + keyserverPortString + "/kms"
+ putCoreSiteProperty("hadoop.security.key.provider.path", kmsPath)
+ putHdfsSiteProperty("dfs.encryption.key.provider.uri", kmsPath)
+
+ putHdfsSitePropertyAttribute = self.putPropertyAttribute(configurations, "hdfs-site")
+ putCoreSitePropertyAttribute = self.putPropertyAttribute(configurations, "core-site")
+ if not "RANGER_KMS" in servicesList:
+ putCoreSitePropertyAttribute('hadoop.security.key.provider.path','delete','true')
+ putHdfsSitePropertyAttribute('dfs.encryption.key.provider.uri','delete','true')
+
+ if "ranger-env" in services["configurations"] and "ranger-hdfs-plugin-properties" in services["configurations"] and \
+ "ranger-hdfs-plugin-enabled" in services["configurations"]["ranger-env"]["properties"]:
+ putHdfsRangerPluginProperty = self.putProperty(configurations, "ranger-hdfs-plugin-properties", services)
+ rangerEnvHdfsPluginProperty = services["configurations"]["ranger-env"]["properties"]["ranger-hdfs-plugin-enabled"]
+ putHdfsRangerPluginProperty("ranger-hdfs-plugin-enabled", rangerEnvHdfsPluginProperty)
+
def recommendConfigurationsFromHDP23(self, configurations, clusterData, services, hosts):
"""
Recommend configurations for this service based on HDP 2.3.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json
deleted file mode 100644
index ab473a8..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json
+++ /dev/null
@@ -1,76 +0,0 @@
-{
- "RANGER": {
- "service": [],
- "RANGER_ADMIN": [
- {
- "name": "ranger_admin_process",
- "label": "Ranger Admin Process",
- "description": "This host-level alert is triggered if the Ranger Admin Web UI is unreachable.",
- "interval": 1,
- "scope": "ANY",
- "source": {
- "type": "WEB",
- "uri": {
- "http": "{{admin-properties/policymgr_external_url}}/login.jsp",
- "https": "{{admin-properties/policymgr_external_url}}/login.jsp",
- "kerberos_keytab": "{{cluster-env/smokeuser_keytab}}",
- "kerberos_principal": "{{cluster-env/smokeuser_principal_name}}",
- "https_property": "{{ranger-admin-site/ranger.service.https.attrib.ssl.enabled}}",
- "https_property_value": "true",
- "connection_timeout": 5.0
- },
- "reporting": {
- "ok": {
- "text": "HTTP {0} response in {2:.3f}s"
- },
- "warning": {
- "text": "HTTP {0} response from {1} in {2:.3f}s ({3})"
- },
- "critical": {
- "text": "Connection failed to {1} ({3})"
- }
- }
- }
- },
- {
- "name": "ranger_admin_password_check",
- "label": "Ranger Admin password check",
- "description": "This alert is used to ensure that the Ranger Admin password in Ambari is correct.",
- "interval": 30,
- "scope": "ANY",
- "source": {
- "type": "SCRIPT",
- "path": "RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py",
- "parameters": []
- }
- }
- ],
- "RANGER_USERSYNC": [
- {
- "name": "ranger_usersync_process",
- "label": "Ranger Usersync Process",
- "description": "This host-level alert is triggered if the Ranger Usersync cannot be determined to be up.",
- "interval": 1,
- "scope": "HOST",
- "source": {
- "type": "PORT",
- "uri": "{{ranger-ugsync-site/ranger.usersync.port}}",
- "default_port": 5151,
- "reporting": {
- "ok": {
- "text": "TCP OK - {0:.3f}s response on port {1}"
- },
- "warning": {
- "text": "TCP OK - {0:.3f}s response on port {1}",
- "value": 1.5
- },
- "critical": {
- "text": "Connection failed: {0} to {1}:{2}",
- "value": 5.0
- }
- }
- }
- }
- ]
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml
deleted file mode 100644
index fbbfac7..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml
+++ /dev/null
@@ -1,132 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_adding_forbidden="false">
- <property>
- <name>ranger_xa_log_maxfilesize</name>
- <value>256</value>
- <description>The maximum size of backup file before the log is rotated</description>
- <display-name>Ranger Log: backup file size</display-name>
- <value-attributes>
- <unit>MB</unit>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_xa_log_maxbackupindex</name>
- <value>20</value>
- <description>The number of backup files</description>
- <display-name>Ranger Log: # of backup files</display-name>
- <value-attributes>
- <type>int</type>
- <minimum>0</minimum>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>content</name>
- <display-name>admin-log4j template</display-name>
- <description>admin-log4j.properties</description>
- <value>
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-
-log4j.rootLogger = warn,xa_log_appender
-
-
-# xa_logger
-log4j.appender.xa_log_appender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.xa_log_appender.file=${logdir}/xa_portal.log
-log4j.appender.xa_log_appender.datePattern='.'yyyy-MM-dd
-log4j.appender.xa_log_appender.append=true
-log4j.appender.xa_log_appender.layout=org.apache.log4j.PatternLayout
-log4j.appender.xa_log_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n
-log4j.appender.xa_log_appender.MaxFileSize={{ranger_xa_log_maxfilesize}}MB
-log4j.appender.xa_log_appender.MaxBackupIndex={{ranger_xa_log_maxbackupindex}}
-
-# xa_log_appender : category and additivity
-log4j.category.org.springframework=warn,xa_log_appender
-log4j.additivity.org.springframework=false
-
-log4j.category.org.apache.ranger=info,xa_log_appender
-log4j.additivity.org.apache.ranger=false
-
-log4j.category.xa=info,xa_log_appender
-log4j.additivity.xa=false
-
-# perf_logger
-log4j.appender.perf_appender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.perf_appender.file=${logdir}/ranger_admin_perf.log
-log4j.appender.perf_appender.datePattern='.'yyyy-MM-dd
-log4j.appender.perf_appender.append=true
-log4j.appender.perf_appender.layout=org.apache.log4j.PatternLayout
-log4j.appender.perf_appender.layout.ConversionPattern=%d [%t] %m%n
-
-
-# sql_appender
-log4j.appender.sql_appender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.sql_appender.file=${logdir}/xa_portal_sql.log
-log4j.appender.sql_appender.datePattern='.'yyyy-MM-dd
-log4j.appender.sql_appender.append=true
-log4j.appender.sql_appender.layout=org.apache.log4j.PatternLayout
-log4j.appender.sql_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n
-
-# sql_appender : category and additivity
-log4j.category.org.hibernate.SQL=warn,sql_appender
-log4j.additivity.org.hibernate.SQL=false
-
-log4j.category.jdbc.sqlonly=fatal,sql_appender
-log4j.additivity.jdbc.sqlonly=false
-
-log4j.category.jdbc.sqltiming=warn,sql_appender
-log4j.additivity.jdbc.sqltiming=false
-
-log4j.category.jdbc.audit=fatal,sql_appender
-log4j.additivity.jdbc.audit=false
-
-log4j.category.jdbc.resultset=fatal,sql_appender
-log4j.additivity.jdbc.resultset=false
-
-log4j.category.jdbc.connection=fatal,sql_appender
-log4j.additivity.jdbc.connection=false
- </value>
- <value-attributes>
- <type>content</type>
- <show-property-name>false</show-property-name>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml
deleted file mode 100644
index 1d73087..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml
+++ /dev/null
@@ -1,163 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_final="false">
-
-
- <property>
- <name>SQL_CONNECTOR_JAR</name>
- <value>{{driver_curl_target}}</value>
- <display-name>Location of Sql Connector Jar</display-name>
- <description>Location of DB client library (please check the location of the jar file)</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <depends-on>
- <property>
- <type>admin-properties</type>
- <name>DB_FLAVOR</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false" update="false"/>
- </property>
- <property>
- <name>db_root_user</name>
- <value>root</value>
- <display-name>Database Administrator (DBA) username</display-name>
- <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property require-input="true">
- <name>db_root_password</name>
- <value/>
- <property-type>PASSWORD</property-type>
- <display-name>Database Administrator (DBA) password</display-name>
- <description>Database password for the database admin username</description>
- <value-attributes>
- <type>password</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>db_host</name>
- <value/>
- <display-name>Ranger DB host</display-name>
- <description>Database host</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>db_name</name>
- <value>ranger</value>
- <display-name>Ranger DB name</display-name>
- <description>Database name</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>db_user</name>
- <value>rangeradmin</value>
- <display-name>Ranger DB username</display-name>
- <description>Database username used for the Ranger schema</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property require-input="true">
- <name>db_password</name>
- <value/>
- <property-type>PASSWORD</property-type>
- <display-name>Ranger DB password</display-name>
- <description>Database password for the Ranger schema</description>
- <value-attributes>
- <type>password</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>DB_FLAVOR</name>
- <value>MYSQL</value>
- <display-name>DB FLAVOR</display-name>
- <description>The database type to be used (mysql/oracle)</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>MYSQL</value>
- <label>MYSQL</label>
- </entry>
- <entry>
- <value>ORACLE</value>
- <label>ORACLE</label>
- </entry>
- <entry>
- <value>POSTGRES</value>
- <label>POSTGRES</label>
- </entry>
- <entry>
- <value>MSSQL</value>
- <label>MSSQL</label>
- </entry>
- <entry>
- <value>SQLA</value>
- <label>SQL Anywhere</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>policymgr_external_url</name>
- <value/>
- <display-name>External URL</display-name>
- <description>Policy Manager external url eg: http://RANGER_HOST:6080</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <depends-on>
- <property>
- <type>ranger-admin-site</type>
- <name>ranger.service.http.enabled</name>
- </property>
- <property>
- <type>ranger-admin-site</type>
- <name>ranger.service.http.port</name>
- </property>
- <property>
- <type>ranger-admin-site</type>
- <name>ranger.service.https.port</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml
deleted file mode 100644
index d43c010..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>xasecure.policymgr.clientssl.keystore</name>
- <value>/etc/security/serverKeys/atlas-tagsync-keystore.jks</value>
- <description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.keystore.password</name>
- <value>myKeyFilePassword</value>
- <property-type>PASSWORD</property-type>
- <description>password for keystore</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.truststore</name>
- <value>/etc/security/serverKeys/atlas-tagsync-mytruststore.jks</value>
- <description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.truststore.password</name>
- <value>changeit</value>
- <property-type>PASSWORD</property-type>
- <description>java truststore password</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
- <value>jceks://file{{atlas_tagsync_credential_file}}</value>
- <description>java keystore credential file</description>
- <on-ambari-upgrade add="false" />
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
- <value>jceks://file{{atlas_tagsync_credential_file}}</value>
- <description>java truststore credential file</description>
- <on-ambari-upgrade add="false" />
- </property>
-
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml
deleted file mode 100644
index a9153f8..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml
+++ /dev/null
@@ -1,785 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<configuration supports_final="true">
- <property>
- <name>ranger.service.host</name>
- <value>{{ranger_host}}</value>
- <description>Host where ranger service to be installed</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.http.enabled</name>
- <value>true</value>
- <display-name>HTTP enabled</display-name>
- <description>Enable HTTP</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>boolean</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.http.port</name>
- <value>6080</value>
- <description>HTTP port</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.https.port</name>
- <value>6182</value>
- <description>HTTPS port (if SSL is enabled)</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.https.attrib.ssl.enabled</name>
- <value>false</value>
- <description>true/false, set to true if using SSL</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.https.attrib.clientAuth</name>
- <value>want</value>
- <description>Needs to be set to want for two way SSL</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.https.attrib.keystore.keyalias</name>
- <value>rangeradmin</value>
- <description>Alias for Ranger Admin key in keystore</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.https.attrib.keystore.pass</name>
- <value>xasecure</value>
- <property-type>PASSWORD</property-type>
- <description>Password for keystore</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.https.attrib.keystore.file</name>
- <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
- <description>Ranger admin keystore (specify full path)</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.externalurl</name>
- <value>{{ranger_external_url}}</value>
- <display-name>External URL</display-name>
- <description>URL to be used by clients to access ranger admin</description>
- <value-attributes>
- <visible>false</visible>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.jpa.jdbc.driver</name>
- <value>com.mysql.jdbc.Driver</value>
- <display-name>Driver class name for a JDBC Ranger database</display-name>
- <description>JDBC driver class name. Example: For MySQL / MariaDB: com.mysql.jdbc.Driver, For Oracle: oracle.jdbc.OracleDriver</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <depends-on>
- <property>
- <type>admin-properties</type>
- <name>DB_FLAVOR</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.jpa.jdbc.url</name>
- <value>jdbc:mysql://localhost</value>
- <display-name>JDBC connect string for a Ranger database</display-name>
- <description>JDBC connect string</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <depends-on>
- <property>
- <type>admin-properties</type>
- <name>DB_FLAVOR</name>
- </property>
- <property>
- <type>admin-properties</type>
- <name>db_host</name>
- </property>
- <property>
- <type>admin-properties</type>
- <name>db_name</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.jpa.jdbc.user</name>
- <value>{{ranger_db_user}}</value>
- <description>JDBC user</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.jpa.jdbc.password</name>
- <value>_</value>
- <property-type>PASSWORD</property-type>
- <description>JDBC password</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.jpa.jdbc.credential.alias</name>
- <value>rangeradmin</value>
- <description>Alias name for storing JDBC password</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.credential.provider.path</name>
- <value>/etc/ranger/admin/rangeradmin.jceks</value>
- <description>File for credential store, provide full file path</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.audit.source.type</name>
- <value>solr</value>
- <description>db or solr, based on the audit destination used</description>
- <depends-on>
- <property>
- <type>ranger-env</type>
- <name>xasecure.audit.destination.solr</name>
- </property>
- <property>
- <type>ranger-env</type>
- <name>xasecure.audit.destination.db</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.audit.solr.urls</name>
- <value/>
- <description>Solr url for audit. Example: http://solr_host:6083/solr/ranger_audits</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.authentication.method</name>
- <value>UNIX</value>
- <display-name>Authentication method</display-name>
- <description>Ranger admin Authentication - UNIX/PAM/LDAP/AD/NONE</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <depends-on>
- <property>
- <type>ranger-ugsync-site</type>
- <name>ranger.usersync.source.impl.class</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.url</name>
- <display-name>​LDAP URL</display-name>
- <value>{{ranger_ug_ldap_url}}</value>
- <description>LDAP Server URL, only used if Authentication method is LDAP</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.user.dnpattern</name>
- <value>uid={0},ou=users,dc=xasecure,dc=net</value>
- <description>LDAP user DN, only used if Authentication method is LDAP</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.group.searchbase</name>
- <display-name>Group Search Base</display-name>
- <value>{{ranger_ug_ldap_group_searchbase}}</value>
- <description>LDAP group searchbase, only used if Authentication method is LDAP</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.group.searchfilter</name>
- <display-name>Group Search Filter</display-name>
- <value>{{ranger_ug_ldap_group_searchfilter}}</value>
- <description>LDAP group search filter, only used if Authentication method is LDAP</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.ldap.group.roleattribute</name>
- <value>cn</value>
- <description>LDAP group role attribute, only used if Authentication method is LDAP</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.base.dn</name>
- <value>dc=example,dc=com</value>
- <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.bind.dn</name>
- <display-name>Bind User</display-name>
- <value>{{ranger_ug_ldap_bind_dn}}</value>
- <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.bind.password</name>
- <display-name>​Bind User Password</display-name>
- <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
- <property-type>PASSWORD</property-type>
- <description>Password for the account that can search for users</description>
- <value-attributes>
- <type>password</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.referral</name>
- <value>ignore</value>
- <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.ad.domain</name>
- <display-name>Domain Name (Only for AD)</display-name>
- <value/>
- <description>AD domain, only used if Authentication method is AD</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.ad.url</name>
- <value>{{ranger_ug_ldap_url}}</value>
- <description>AD URL, only used if Authentication method is AD</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.ad.base.dn</name>
- <value>dc=example,dc=com</value>
- <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.ad.bind.dn</name>
- <value>{{ranger_ug_ldap_bind_dn}}</value>
- <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.ad.bind.password</name>
- <value>{{ranger_usersync_ldap_ldapbindpassword}}</value>
- <property-type>PASSWORD</property-type>
- <description>Password for the account that can search for users</description>
- <value-attributes>
- <type>password</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.ldap.ad.referral</name>
- <value>ignore</value>
- <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
-
-
-
-
- <property>
- <name>ranger.unixauth.remote.login.enabled</name>
- <value>true</value>
- <display-name>Allow remote Login</display-name>
- <description>Remote login enabled? - only used if Authentication method is UNIX</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.unixauth.service.hostname</name>
- <value>{{ugsync_host}}</value>
- <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.unixauth.service.port</name>
- <value>5151</value>
- <description>Port for unix authentication service - only used if Authentication method is UNIX</description>
- <value-attributes>
- <type>int</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.jpa.jdbc.dialect</name>
- <value>{{jdbc_dialect}}</value>
- <description>JDBC dialect used for policy DB</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
-
- <property>
- <name>ranger.audit.solr.username</name>
- <value>ranger_solr</value>
- <description>Solr username</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.audit.solr.password</name>
- <value>NONE</value>
- <property-type>PASSWORD</property-type>
- <description>Solr password</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.sso.providerurl</name>
- <value/>
- <display-name>SSO provider url</display-name>
- <description>Example: https://KNOX_HOST:KNOX_PORT/gateway/TOPOLOGY_NAME/knoxsso/api/v1/websso</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <depends-on>
- <property>
- <type>gateway-site</type>
- <name>gateway.port</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.sso.publicKey</name>
- <value/>
- <display-name>SSO public key</display-name>
- <description>Public key for SSO cookie verification</description>
- <value-attributes>
- <type>multiLine</type>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.sso.enabled</name>
- <value>false</value>
- <display-name>Enable Ranger SSO</display-name>
- <description/>
- <value-attributes>
- <overridable>false</overridable>
- <type>boolean</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger.sso.browser.useragent</name>
- <value>Mozilla,chrome</value>
- <display-name>SSO browser useragent</display-name>
- <description>Comma seperated browser agent</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.binddn.credential.alias</name>
- <value>ranger.ldap.bind.password</value>
- <description></description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ldap.ad.binddn.credential.alias</name>
- <value>ranger.ldap.ad.bind.password</value>
- <description></description>
- <on-ambari-upgrade add="false"/>
- </property>
-
-
-
-
-
-
-
-
-
-
-
- <property>
- <name>ranger.admin.kerberos.token.valid.seconds</name>
- <value>30</value>
- <description/>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.admin.kerberos.cookie.domain</name>
- <value>{{ranger_host}}</value>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.admin.kerberos.cookie.path</name>
- <value>/</value>
- <description/>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.spnego.kerberos.principal</name>
- <value>*</value>
- <description/>
- <property-type>KERBEROS_PRINCIPAL</property-type>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.spnego.kerberos.keytab</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.admin.kerberos.principal</name>
- <value/>
- <description/>
- <property-type>KERBEROS_PRINCIPAL</property-type>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.admin.kerberos.keytab</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.lookup.kerberos.principal</name>
- <value/>
- <description/>
- <property-type>KERBEROS_PRINCIPAL</property-type>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.lookup.kerberos.keytab</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.truststore.file</name>
- <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
- <display-name>ranger.truststore.file</display-name>
- <description>Ranger trust-store file-path</description>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.truststore.password</name>
- <value>changeit</value>
- <property-type>PASSWORD</property-type>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <display-name>ranger.truststore.password</display-name>
- <description>Ranger trust-store password</description>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.audit.solr.zookeepers</name>
- <value>NONE</value>
- <description>Solr Zookeeper string</description>
- <depends-on>
- <property>
- <type>infra-solr-env</type>
- <name>infra_solr_znode</name>
- </property>
- <property>
- <type>ranger-env</type>
- <name>is_solrCloud_enabled</name>
- </property>
- <property>
- <type>ranger-env</type>
- <name>is_external_solrCloud_enabled</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
-
-
- <property>
- <name>ranger.ldap.ad.user.searchfilter</name>
- <value>(sAMAccountName={0})</value>
- <description>Search filter used for Bind Authentication</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.ldap.user.searchfilter</name>
- <display-name>User Search Filter</display-name>
- <value>(uid={0})</value>
- <description>Search filter used for Bind Authentication</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.kms.service.user.hdfs</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <depends-on>
- <property>
- <type>hadoop-env</type>
- <name>hdfs_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
- <property>
- <name>ranger.kms.service.user.hive</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <depends-on>
- <property>
- <type>hive-env</type>
- <name>hive_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.plugins.hdfs.serviceuser</name>
- <value>hdfs</value>
- <depends-on>
- <property>
- <type>hadoop-env</type>
- <name>hdfs_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.plugins.hive.serviceuser</name>
- <value>hive</value>
- <depends-on>
- <property>
- <type>hive-env</type>
- <name>hive_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.plugins.hbase.serviceuser</name>
- <value>hbase</value>
- <depends-on>
- <property>
- <type>hbase-env</type>
- <name>hbase_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.plugins.yarn.serviceuser</name>
- <value>yarn</value>
- <depends-on>
- <property>
- <type>yarn-env</type>
- <name>yarn_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.plugins.knox.serviceuser</name>
- <value>knox</value>
- <depends-on>
- <property>
- <type>knox-env</type>
- <name>knox_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.plugins.storm.serviceuser</name>
- <value>storm</value>
- <depends-on>
- <property>
- <type>storm-env</type>
- <name>storm_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.plugins.kafka.serviceuser</name>
- <value>kafka</value>
- <depends-on>
- <property>
- <type>kafka-env</type>
- <name>kafka_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.plugins.atlas.serviceuser</name>
- <value>atlas</value>
- <depends-on>
- <property>
- <type>atlas-env</type>
- <name>metadata_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.plugins.kms.serviceuser</name>
- <value>kms</value>
- <depends-on>
- <property>
- <type>kms-env</type>
- <name>kms_user</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="true"/>
- </property>
-
- <property>
- <name>ranger.is.solr.kerberised</name>
- <value>{{ranger_is_solr_kerberised}}</value>
- <value-attributes>
- <visible>false</visible>
- </value-attributes>
- <description/>
- <on-ambari-upgrade add="true"/>
- </property>
-
-
-
- <property>
- <name>ranger.truststore.alias</name>
- <value>trustStoreAlias</value>
- <description></description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.service.https.attrib.keystore.credential.alias</name>
- <value>keyStoreCredentialAlias</value>
- <description></description>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml
deleted file mode 100644
index 3e25470..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml
+++ /dev/null
@@ -1,513 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_final="true" supports_adding_forbidden="true">
- <property>
- <name>ranger_user</name>
- <value>ranger</value>
- <property-type>USER</property-type>
- <display-name>Ranger User</display-name>
- <description>Ranger username</description>
- <value-attributes>
- <type>user</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_group</name>
- <value>ranger</value>
- <property-type>GROUP</property-type>
- <display-name>Ranger Group</display-name>
- <description>Ranger group</description>
- <value-attributes>
- <type>user</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_admin_log_dir</name>
- <value>/var/log/ranger/admin</value>
- <description/>
- <value-attributes>
- <type>directory</type>
- <overridable>false</overridable>
- <editable-only-at-install>true</editable-only-at-install>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_usersync_log_dir</name>
- <value>/var/log/ranger/usersync</value>
- <description/>
- <value-attributes>
- <type>directory</type>
- <overridable>false</overridable>
- <editable-only-at-install>true</editable-only-at-install>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_admin_username</name>
- <value>amb_ranger_admin</value>
- <property-type>TEXT</property-type>
- <display-name>Ranger Admin username for Ambari</display-name>
- <description>This is the ambari user created for creating repositories and policies in Ranger Admin for each plugin</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_admin_password</name>
- <value/>
- <property-type>PASSWORD</property-type>
- <display-name>Ranger Admin user's password for Ambari</display-name>
- <description>This is the ambari user password created for creating repositories and policies in Ranger Admin for each plugin</description>
- <value-attributes>
- <type>password</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>admin_username</name>
- <value>admin</value>
- <description>This is the username for default admin user that is used for creating ambari user in Ranger Admin</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>admin_password</name>
- <value>admin</value>
- <property-type>PASSWORD</property-type>
- <description>This is the password for default admin user that is used for creating ambari user in Ranger Admin</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
-
- <property>
- <name>ranger_pid_dir</name>
- <value>/var/run/ranger</value>
- <description/>
- <value-attributes>
- <type>directory</type>
- <overridable>false</overridable>
- <editable-only-at-install>true</editable-only-at-install>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger-hdfs-plugin-enabled</name>
- <value>No</value>
- <display-name>HDFS Ranger Plugin</display-name>
- <description>Enable HDFS Ranger plugin</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>Yes</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>No</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger-hive-plugin-enabled</name>
- <value>No</value>
- <display-name>Hive Ranger Plugin</display-name>
- <description>Enable Hive Ranger plugin</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>Yes</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>No</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger-hbase-plugin-enabled</name>
- <value>No</value>
- <display-name>Hbase Ranger Plugin</display-name>
- <description>Enable HBase Ranger plugin</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>Yes</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>No</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger-storm-plugin-enabled</name>
- <value>No</value>
- <display-name>Storm Ranger Plugin</display-name>
- <description>Enable Storm Ranger plugin</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>Yes</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>No</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger-knox-plugin-enabled</name>
- <value>No</value>
- <display-name>Knox Ranger Plugin</display-name>
- <description>Enable Knox Ranger plugin</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>Yes</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>No</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
-
- <property>
- <name>xml_configurations_supported</name>
- <value>true</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>create_db_dbuser</name>
- <value>true</value>
- <display-name>Setup Database and Database User</display-name>
- <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description>
- <value-attributes>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger_privelege_user_jdbc_url</name>
- <display-name>JDBC connect string for root user</display-name>
- <description>JDBC connect string - auto populated based on other values. This is to be used by root user</description>
- <value>jdbc:mysql://localhost</value>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <depends-on>
- <property>
- <type>admin-properties</type>
- <name>DB_FLAVOR</name>
- </property>
- <property>
- <type>admin-properties</type>
- <name>db_host</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger-yarn-plugin-enabled</name>
- <value>No</value>
- <display-name>YARN Ranger Plugin</display-name>
- <description>Enable YARN Ranger plugin</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>Yes</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>No</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger-kafka-plugin-enabled</name>
- <value>No</value>
- <display-name>Kafka Ranger Plugin</display-name>
- <description>Enable Kafka Ranger plugin</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>Yes</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>No</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.solr</name>
- <value>true</value>
- <display-name>Audit to Solr</display-name>
- <description>Enable Audit to Solr for all ranger supported services. This property is overridable at service level</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>true</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>false</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>is_solrCloud_enabled</name>
- <display-name>SolrCloud</display-name>
- <description>SolrCloud uses zookeeper for distributed search and indexing</description>
- <value>false</value>
- <value-attributes>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>false</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.hdfs</name>
- <value>true</value>
- <display-name>Audit to HDFS</display-name>
- <description>Enable Audit to HDFS for all ranger supported services. This property is overridable at service level</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>true</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>false</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>xasecure.audit.destination.hdfs.dir</name>
- <value>hdfs://localhost:8020</value>
- <display-name>Destination HDFS Directory</display-name>
- <description>HDFS folder to write audit to, make sure all service user has required permissions. This property is overridable at service level</description>
- <depends-on>
- <property>
- <type>core-site</type>
- <name>fs.defaultFS</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_solr_config_set</name>
- <value>ranger_audits</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_solr_collection_name</name>
- <value>ranger_audits</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_solr_shards</name>
- <value>1</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_solr_replication_factor</name>
- <value>1</value>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger-atlas-plugin-enabled</name>
- <value>No</value>
- <display-name>Atlas Ranger Plugin</display-name>
- <description>Enable Atlas Ranger plugin</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>Yes</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>No</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>is_external_solrCloud_enabled</name>
- <display-name>External SolrCloud</display-name>
- <value>false</value>
- <description>Using Externally managed solr cloud ?</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>true</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>false</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>is_external_solrCloud_kerberos</name>
- <display-name>External SolrCloud kerberos</display-name>
- <value>false</value>
- <description>Is Externally managed solr cloud kerberos ?</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>true</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>false</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>ranger-nifi-plugin-enabled</name>
- <value>No</value>
- <display-name>NIFI Ranger Plugin</display-name>
- <description>Enable NIFI Ranger plugin</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>Yes</value>
- <label>ON</label>
- </entry>
- <entry>
- <value>No</value>
- <label>OFF</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml
deleted file mode 100644
index c70e222..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_final="false">
-
-
-
-
-
-
-
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml
deleted file mode 100644
index 550ce0d..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>ranger_audit_max_retention_days</name>
- <display-name>Max Retention Days</display-name>
- <description>Days to retain audit logs in Solr</description>
- <value>90</value>
- <value-attributes>
- <type>int</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_audit_logs_merge_factor</name>
- <display-name>Merge Factor</display-name>
- <description>
- The mergeFactor value tells Lucene how many segments of equal size to build before merging them into a
- single segment. High value merge factor (e.g. 25) improves indexing speed, but slows down searching. Low value
- (e.g. 5) improves searching, but slows down indexing.
- </description>
- <value>5</value>
- <value-attributes>
- <type>int</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>content</name>
- <display-name>solr-config template</display-name>
- <description>the jinja template for solrconfig.xml file used for ranger audit logs</description>
- <value/>
- <property-type>VALUE_FROM_PROPERTY_FILE</property-type>
- <value-attributes>
- <property-file-name>ranger-solrconfig.xml.j2</property-file-name>
- <property-file-type>xml</property-file-type>
- </value-attributes>
- <on-ambari-upgrade add="false" />
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
deleted file mode 100644
index a4c9441..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>xasecure.policymgr.clientssl.keystore</name>
- <value>/etc/security/serverKeys/ranger-tagsync-keystore.jks</value>
- <description>Java Keystore files</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.keystore.password</name>
- <value>myKeyFilePassword</value>
- <property-type>PASSWORD</property-type>
- <description>password for keystore</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.truststore</name>
- <value>/etc/security/serverKeys/ranger-tagsync-mytruststore.jks</value>
- <description>java truststore file</description>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.truststore.password</name>
- <value>changeit</value>
- <property-type>PASSWORD</property-type>
- <description>java truststore password</description>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
- <value>jceks://file{{ranger_tagsync_credential_file}}</value>
- <description>java keystore credential file</description>
- <on-ambari-upgrade add="false" />
- </property>
-
- <property>
- <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
- <value>jceks://file{{ranger_tagsync_credential_file}}</value>
- <description>java truststore credential file</description>
- <on-ambari-upgrade add="false" />
- </property>
-
-</configuration>
[07/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/properties/ranger-solrconfig.xml.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/properties/ranger-solrconfig.xml.j2 b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/properties/ranger-solrconfig.xml.j2
new file mode 100644
index 0000000..a1975fd
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/properties/ranger-solrconfig.xml.j2
@@ -0,0 +1,1874 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!--
+ For more details about configurations options that may appear in
+ this file, see http://wiki.apache.org/solr/SolrConfigXml.
+-->
+<config>
+ <!-- In all configuration below, a prefix of "solr." for class names
+ is an alias that causes solr to search appropriate packages,
+ including org.apache.solr.(search|update|request|core|analysis)
+
+ You may also specify a fully qualified Java classname if you
+ have your own custom plugins.
+ -->
+
+ <!-- Controls what version of Lucene various components of Solr
+ adhere to. Generally, you want to use the latest version to
+ get all bug fixes and improvements. It is highly recommended
+ that you fully re-index after changing this setting as it can
+ affect both how text is indexed and queried.
+ -->
+ <luceneMatchVersion>5.2.0</luceneMatchVersion>
+
+ <!-- <lib/> directives can be used to instruct Solr to load any Jars
+ identified and use them to resolve any "plugins" specified in
+ your solrconfig.xml or schema.xml (ie: Analyzers, Request
+ Handlers, etc...).
+
+ All directories and paths are resolved relative to the
+ instanceDir.
+
+ Please note that <lib/> directives are processed in the order
+ that they appear in your solrconfig.xml file, and are "stacked"
+ on top of each other when building a ClassLoader - so if you have
+ plugin jars with dependencies on other jars, the "lower level"
+ dependency jars should be loaded first.
+
+ If a "./lib" directory exists in your instanceDir, all files
+ found in it are included as if you had used the following
+ syntax...
+
+ <lib dir="./lib" />
+ -->
+
+ <!-- A 'dir' option by itself adds any files found in the directory
+ to the classpath, this is useful for including all jars in a
+ directory.
+
+ When a 'regex' is specified in addition to a 'dir', only the
+ files in that directory which completely match the regex
+ (anchored on both ends) will be included.
+
+ If a 'dir' option (with or without a regex) is used and nothing
+ is found that matches, a warning will be logged.
+
+ The examples below can be used to load some solr-contribs along
+ with their external dependencies.
+ -->
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-dataimporthandler-.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/extraction/lib" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-cell-\d.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/clustering/lib/" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-clustering-\d.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/langid/lib/" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-langid-\d.*\.jar" />
+
+ <lib dir="${solr.install.dir:../../../..}/contrib/velocity/lib" regex=".*\.jar" />
+ <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-velocity-\d.*\.jar" />
+
+ <!-- an exact 'path' can be used instead of a 'dir' to specify a
+ specific jar file. This will cause a serious error to be logged
+ if it can't be loaded.
+ -->
+ <!--
+ <lib path="../a-jar-that-does-not-exist.jar" />
+ -->
+
+ <!-- Data Directory
+
+ Used to specify an alternate directory to hold all index data
+ other than the default ./data under the Solr home. If
+ replication is in use, this should match the replication
+ configuration.
+ -->
+ <dataDir>${solr.data.dir:}</dataDir>
+
+
+ <!-- The DirectoryFactory to use for indexes.
+
+ solr.StandardDirectoryFactory is filesystem
+ based and tries to pick the best implementation for the current
+ JVM and platform. solr.NRTCachingDirectoryFactory, the default,
+ wraps solr.StandardDirectoryFactory and caches small files in memory
+ for better NRT performance.
+
+ One can force a particular implementation via solr.MMapDirectoryFactory,
+ solr.NIOFSDirectoryFactory, or solr.SimpleFSDirectoryFactory.
+
+ solr.RAMDirectoryFactory is memory based, not
+ persistent, and doesn't work with replication.
+ -->
+ <directoryFactory name="DirectoryFactory"
+ class="${solr.directoryFactory:solr.NRTCachingDirectoryFactory}">
+
+
+ <!-- These will be used if you are using the solr.HdfsDirectoryFactory,
+ otherwise they will be ignored. If you don't plan on using hdfs,
+ you can safely remove this section. -->
+ <!-- The root directory that collection data should be written to. -->
+ <str name="solr.hdfs.home">${solr.hdfs.home:}</str>
+ <!-- The hadoop configuration files to use for the hdfs client. -->
+ <str name="solr.hdfs.confdir">${solr.hdfs.confdir:}</str>
+ <!-- Enable/Disable the hdfs cache. -->
+ <str name="solr.hdfs.blockcache.enabled">${solr.hdfs.blockcache.enabled:true}</str>
+ <!-- Enable/Disable using one global cache for all SolrCores.
+ The settings used will be from the first HdfsDirectoryFactory created. -->
+ <str name="solr.hdfs.blockcache.global">${solr.hdfs.blockcache.global:true}</str>
+
+ </directoryFactory>
+
+ <!-- The CodecFactory for defining the format of the inverted index.
+ The default implementation is SchemaCodecFactory, which is the official Lucene
+ index format, but hooks into the schema to provide per-field customization of
+ the postings lists and per-document values in the fieldType element
+ (postingsFormat/docValuesFormat). Note that most of the alternative implementations
+ are experimental, so if you choose to customize the index format, it's a good
+ idea to convert back to the official format e.g. via IndexWriter.addIndexes(IndexReader)
+ before upgrading to a newer version to avoid unnecessary reindexing.
+ -->
+ <codecFactory class="solr.SchemaCodecFactory"/>
+
+ <!-- To enable dynamic schema REST APIs, use the following for <schemaFactory>: -->
+
+ <schemaFactory class="ManagedIndexSchemaFactory">
+ <bool name="mutable">true</bool>
+ <str name="managedSchemaResourceName">managed-schema</str>
+ </schemaFactory>
+<!--
+ When ManagedIndexSchemaFactory is specified, Solr will load the schema from
+ the resource named in 'managedSchemaResourceName', rather than from schema.xml.
+ Note that the managed schema resource CANNOT be named schema.xml. If the managed
+ schema does not exist, Solr will create it after reading schema.xml, then rename
+ 'schema.xml' to 'schema.xml.bak'.
+
+ Do NOT hand edit the managed schema - external modifications will be ignored and
+ overwritten as a result of schema modification REST API calls.
+
+ When ManagedIndexSchemaFactory is specified with mutable = true, schema
+ modification REST API calls will be allowed; otherwise, error responses will be
+ sent back for these requests.
+
+ <schemaFactory class="ClassicIndexSchemaFactory"/>
+ -->
+
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Index Config - These settings control low-level behavior of indexing
+ Most example settings here show the default value, but are commented
+ out, to more easily see where customizations have been made.
+
+ Note: This replaces <indexDefaults> and <mainIndex> from older versions
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <indexConfig>
+ <!-- maxFieldLength was removed in 4.0. To get similar behavior, include a
+ LimitTokenCountFilterFactory in your fieldType definition. E.g.
+ <filter class="solr.LimitTokenCountFilterFactory" maxTokenCount="10000"/>
+ -->
+ <!-- Maximum time to wait for a write lock (ms) for an IndexWriter. Default: 1000 -->
+ <!-- <writeLockTimeout>1000</writeLockTimeout> -->
+
+ <!-- The maximum number of simultaneous threads that may be
+ indexing documents at once in IndexWriter; if more than this
+ many threads arrive they will wait for others to finish.
+ Default in Solr/Lucene is 8. -->
+ <!-- <maxIndexingThreads>8</maxIndexingThreads> -->
+
+ <!-- Expert: Enabling compound file will use less files for the index,
+ using fewer file descriptors on the expense of performance decrease.
+ Default in Lucene is "true". Default in Solr is "false" (since 3.6) -->
+ <!-- <useCompoundFile>false</useCompoundFile> -->
+
+ <!-- ramBufferSizeMB sets the amount of RAM that may be used by Lucene
+ indexing for buffering added documents and deletions before they are
+ flushed to the Directory.
+ maxBufferedDocs sets a limit on the number of documents buffered
+ before flushing.
+ If both ramBufferSizeMB and maxBufferedDocs is set, then
+ Lucene will flush based on whichever limit is hit first.
+ The default is 100 MB. -->
+ <!-- <ramBufferSizeMB>100</ramBufferSizeMB> -->
+ <!-- <maxBufferedDocs>1000</maxBufferedDocs> -->
+
+ <!-- Expert: Merge Policy
+ The Merge Policy in Lucene controls how merging of segments is done.
+ The default since Solr/Lucene 3.3 is TieredMergePolicy.
+ The default since Lucene 2.3 was the LogByteSizeMergePolicy,
+ Even older versions of Lucene used LogDocMergePolicy.
+ -->
+ <!--
+ <mergePolicy class="org.apache.lucene.index.TieredMergePolicy">
+ <int name="maxMergeAtOnce">10</int>
+ <int name="segmentsPerTier">10</int>
+ </mergePolicy>
+ -->
+
+ <!-- Merge Factor
+ The merge factor controls how many segments will get merged at a time.
+ For TieredMergePolicy, mergeFactor is a convenience parameter which
+ will set both MaxMergeAtOnce and SegmentsPerTier at once.
+ For LogByteSizeMergePolicy, mergeFactor decides how many new segments
+ will be allowed before they are merged into one.
+ Default is 10 for both merge policies.
+ -->
+ <!--
+ <mergeFactor>10</mergeFactor>
+ -->
+
+ <!-- Ranger customization. Set to 5 to trigger purging of deleted documents more often -->
+ <mergeFactor>{{ranger_audit_logs_merge_factor}}</mergeFactor>
+
+ <!-- Expert: Merge Scheduler
+ The Merge Scheduler in Lucene controls how merges are
+ performed. The ConcurrentMergeScheduler (Lucene 2.3 default)
+ can perform merges in the background using separate threads.
+ The SerialMergeScheduler (Lucene 2.2 default) does not.
+ -->
+ <!--
+ <mergeScheduler class="org.apache.lucene.index.ConcurrentMergeScheduler"/>
+ -->
+
+ <!-- LockFactory
+
+ This option specifies which Lucene LockFactory implementation
+ to use.
+
+ single = SingleInstanceLockFactory - suggested for a
+ read-only index or when there is no possibility of
+ another process trying to modify the index.
+ native = NativeFSLockFactory - uses OS native file locking.
+ Do not use when multiple solr webapps in the same
+ JVM are attempting to share a single index.
+ simple = SimpleFSLockFactory - uses a plain file for locking
+
+ Defaults: 'native' is default for Solr3.6 and later, otherwise
+ 'simple' is the default
+
+ More details on the nuances of each LockFactory...
+ http://wiki.apache.org/lucene-java/AvailableLockFactories
+ -->
+ <lockType>${solr.lock.type:native}</lockType>
+
+ <!-- Unlock On Startup
+
+ If true, unlock any held write or commit locks on startup.
+ This defeats the locking mechanism that allows multiple
+ processes to safely access a lucene index, and should be used
+ with care. Default is "false".
+
+ This is not needed if lock type is 'single'
+ -->
+ <!--
+ <unlockOnStartup>false</unlockOnStartup>
+ -->
+
+ <!-- Commit Deletion Policy
+ Custom deletion policies can be specified here. The class must
+ implement org.apache.lucene.index.IndexDeletionPolicy.
+
+ The default Solr IndexDeletionPolicy implementation supports
+ deleting index commit points on number of commits, age of
+ commit point and optimized status.
+
+ The latest commit point should always be preserved regardless
+ of the criteria.
+ -->
+ <!--
+ <deletionPolicy class="solr.SolrDeletionPolicy">
+ -->
+ <!-- The number of commit points to be kept -->
+ <!-- <str name="maxCommitsToKeep">1</str> -->
+ <!-- The number of optimized commit points to be kept -->
+ <!-- <str name="maxOptimizedCommitsToKeep">0</str> -->
+ <!--
+ Delete all commit points once they have reached the given age.
+ Supports DateMathParser syntax e.g.
+ -->
+ <!--
+ <str name="maxCommitAge">30MINUTES</str>
+ <str name="maxCommitAge">1DAY</str>
+ -->
+ <!--
+ </deletionPolicy>
+ -->
+
+ <!-- Lucene Infostream
+
+ To aid in advanced debugging, Lucene provides an "InfoStream"
+ of detailed information when indexing.
+
+ Setting the value to true will instruct the underlying Lucene
+ IndexWriter to write its info stream to solr's log. By default,
+ this is enabled here, and controlled through log4j.properties.
+ -->
+ <infoStream>true</infoStream>
+ </indexConfig>
+
+
+ <!-- JMX
+
+ This example enables JMX if and only if an existing MBeanServer
+ is found, use this if you want to configure JMX through JVM
+ parameters. Remove this to disable exposing Solr configuration
+ and statistics to JMX.
+
+ For more details see http://wiki.apache.org/solr/SolrJmx
+ -->
+ <jmx />
+ <!-- If you want to connect to a particular server, specify the
+ agentId
+ -->
+ <!-- <jmx agentId="myAgent" /> -->
+ <!-- If you want to start a new MBeanServer, specify the serviceUrl -->
+ <!-- <jmx serviceUrl="service:jmx:rmi:///jndi/rmi://localhost:9999/solr"/>
+ -->
+
+ <!-- The default high-performance update handler -->
+ <updateHandler class="solr.DirectUpdateHandler2">
+
+ <!-- Enables a transaction log, used for real-time get, durability, and
+ and solr cloud replica recovery. The log can grow as big as
+ uncommitted changes to the index, so use of a hard autoCommit
+ is recommended (see below).
+ "dir" - the target directory for transaction logs, defaults to the
+ solr data directory. -->
+ <updateLog>
+ <str name="dir">${solr.ulog.dir:}</str>
+ </updateLog>
+
+ <!-- AutoCommit
+
+ Perform a hard commit automatically under certain conditions.
+ Instead of enabling autoCommit, consider using "commitWithin"
+ when adding documents.
+
+ http://wiki.apache.org/solr/UpdateXmlMessages
+
+ maxDocs - Maximum number of documents to add since the last
+ commit before automatically triggering a new commit.
+
+ maxTime - Maximum amount of time in ms that is allowed to pass
+ since a document was added before automatically
+ triggering a new commit.
+ openSearcher - if false, the commit causes recent index changes
+ to be flushed to stable storage, but does not cause a new
+ searcher to be opened to make those changes visible.
+
+ If the updateLog is enabled, then it's highly recommended to
+ have some sort of hard autoCommit to limit the log size.
+ -->
+ <autoCommit>
+ <maxTime>${solr.autoCommit.maxTime:15000}</maxTime>
+ <openSearcher>false</openSearcher>
+ </autoCommit>
+
+ <!-- softAutoCommit is like autoCommit except it causes a
+ 'soft' commit which only ensures that changes are visible
+ but does not ensure that data is synced to disk. This is
+ faster and more near-realtime friendly than a hard commit.
+ -->
+
+ <autoSoftCommit>
+ <maxTime>${solr.autoSoftCommit.maxTime:5000}</maxTime>
+ </autoSoftCommit>
+
+ <!-- Update Related Event Listeners
+
+ Various IndexWriter related events can trigger Listeners to
+ take actions.
+
+ postCommit - fired after every commit or optimize command
+ postOptimize - fired after every optimize command
+ -->
+ <!-- The RunExecutableListener executes an external command from a
+ hook such as postCommit or postOptimize.
+
+ exe - the name of the executable to run
+ dir - dir to use as the current working directory. (default=".")
+ wait - the calling thread waits until the executable returns.
+ (default="true")
+ args - the arguments to pass to the program. (default is none)
+ env - environment variables to set. (default is none)
+ -->
+ <!-- This example shows how RunExecutableListener could be used
+ with the script based replication...
+ http://wiki.apache.org/solr/CollectionDistribution
+ -->
+ <!--
+ <listener event="postCommit" class="solr.RunExecutableListener">
+ <str name="exe">solr/bin/snapshooter</str>
+ <str name="dir">.</str>
+ <bool name="wait">true</bool>
+ <arr name="args"> <str>arg1</str> <str>arg2</str> </arr>
+ <arr name="env"> <str>MYVAR=val1</str> </arr>
+ </listener>
+ -->
+
+ </updateHandler>
+
+ <!-- IndexReaderFactory
+
+ Use the following format to specify a custom IndexReaderFactory,
+ which allows for alternate IndexReader implementations.
+
+ ** Experimental Feature **
+
+ Please note - Using a custom IndexReaderFactory may prevent
+ certain other features from working. The API to
+ IndexReaderFactory may change without warning or may even be
+ removed from future releases if the problems cannot be
+ resolved.
+
+
+ ** Features that may not work with custom IndexReaderFactory **
+
+ The ReplicationHandler assumes a disk-resident index. Using a
+ custom IndexReader implementation may cause incompatibility
+ with ReplicationHandler and may cause replication to not work
+ correctly. See SOLR-1366 for details.
+
+ -->
+ <!--
+ <indexReaderFactory name="IndexReaderFactory" class="package.class">
+ <str name="someArg">Some Value</str>
+ </indexReaderFactory >
+ -->
+
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Query section - these settings control query time things like caches
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <query>
+ <!-- Max Boolean Clauses
+
+ Maximum number of clauses in each BooleanQuery, an exception
+ is thrown if exceeded.
+
+ ** WARNING **
+
+ This option actually modifies a global Lucene property that
+ will affect all SolrCores. If multiple solrconfig.xml files
+ disagree on this property, the value at any given moment will
+ be based on the last SolrCore to be initialized.
+
+ -->
+ <maxBooleanClauses>1024</maxBooleanClauses>
+
+
+ <!-- Solr Internal Query Caches
+
+ There are two implementations of cache available for Solr,
+ LRUCache, based on a synchronized LinkedHashMap, and
+ FastLRUCache, based on a ConcurrentHashMap.
+
+ FastLRUCache has faster gets and slower puts in single
+ threaded operation and thus is generally faster than LRUCache
+ when the hit ratio of the cache is high (> 75%), and may be
+ faster under other scenarios on multi-cpu systems.
+ -->
+
+ <!-- Filter Cache
+
+ Cache used by SolrIndexSearcher for filters (DocSets),
+ unordered sets of *all* documents that match a query. When a
+ new searcher is opened, its caches may be prepopulated or
+ "autowarmed" using data from caches in the old searcher.
+ autowarmCount is the number of items to prepopulate. For
+ LRUCache, the autowarmed items will be the most recently
+ accessed items.
+
+ Parameters:
+ class - the SolrCache implementation LRUCache or
+ (LRUCache or FastLRUCache)
+ size - the maximum number of entries in the cache
+ initialSize - the initial capacity (number of entries) of
+ the cache. (see java.util.HashMap)
+ autowarmCount - the number of entries to prepopulate from
+ and old cache.
+ -->
+ <filterCache class="solr.FastLRUCache"
+ size="512"
+ initialSize="512"
+ autowarmCount="0"/>
+
+ <!-- Query Result Cache
+
+ Caches results of searches - ordered lists of document ids
+ (DocList) based on a query, a sort, and the range of documents requested.
+ -->
+ <queryResultCache class="solr.LRUCache"
+ size="512"
+ initialSize="512"
+ autowarmCount="0"/>
+
+ <!-- Document Cache
+
+ Caches Lucene Document objects (the stored fields for each
+ document). Since Lucene internal document ids are transient,
+ this cache will not be autowarmed.
+ -->
+ <documentCache class="solr.LRUCache"
+ size="512"
+ initialSize="512"
+ autowarmCount="0"/>
+
+ <!-- custom cache currently used by block join -->
+ <cache name="perSegFilter"
+ class="solr.search.LRUCache"
+ size="10"
+ initialSize="0"
+ autowarmCount="10"
+ regenerator="solr.NoOpRegenerator" />
+
+ <!-- Field Value Cache
+
+ Cache used to hold field values that are quickly accessible
+ by document id. The fieldValueCache is created by default
+ even if not configured here.
+ -->
+ <!--
+ <fieldValueCache class="solr.FastLRUCache"
+ size="512"
+ autowarmCount="128"
+ showItems="32" />
+ -->
+
+ <!-- Custom Cache
+
+ Example of a generic cache. These caches may be accessed by
+ name through SolrIndexSearcher.getCache(),cacheLookup(), and
+ cacheInsert(). The purpose is to enable easy caching of
+ user/application level data. The regenerator argument should
+ be specified as an implementation of solr.CacheRegenerator
+ if autowarming is desired.
+ -->
+ <!--
+ <cache name="myUserCache"
+ class="solr.LRUCache"
+ size="4096"
+ initialSize="1024"
+ autowarmCount="1024"
+ regenerator="com.mycompany.MyRegenerator"
+ />
+ -->
+
+
+ <!-- Lazy Field Loading
+
+ If true, stored fields that are not requested will be loaded
+ lazily. This can result in a significant speed improvement
+ if the usual case is to not load all stored fields,
+ especially if the skipped fields are large compressed text
+ fields.
+ -->
+ <enableLazyFieldLoading>true</enableLazyFieldLoading>
+
+ <!-- Use Filter For Sorted Query
+
+ A possible optimization that attempts to use a filter to
+ satisfy a search. If the requested sort does not include
+ score, then the filterCache will be checked for a filter
+ matching the query. If found, the filter will be used as the
+ source of document ids, and then the sort will be applied to
+ that.
+
+ For most situations, this will not be useful unless you
+ frequently get the same search repeatedly with different sort
+ options, and none of them ever use "score"
+ -->
+ <!--
+ <useFilterForSortedQuery>true</useFilterForSortedQuery>
+ -->
+
+ <!-- Result Window Size
+
+ An optimization for use with the queryResultCache. When a search
+ is requested, a superset of the requested number of document ids
+ are collected. For example, if a search for a particular query
+ requests matching documents 10 through 19, and queryWindowSize is 50,
+ then documents 0 through 49 will be collected and cached. Any further
+ requests in that range can be satisfied via the cache.
+ -->
+ <queryResultWindowSize>20</queryResultWindowSize>
+
+ <!-- Maximum number of documents to cache for any entry in the
+ queryResultCache.
+ -->
+ <queryResultMaxDocsCached>200</queryResultMaxDocsCached>
+
+ <!-- Query Related Event Listeners
+
+ Various IndexSearcher related events can trigger Listeners to
+ take actions.
+
+ newSearcher - fired whenever a new searcher is being prepared
+ and there is a current searcher handling requests (aka
+ registered). It can be used to prime certain caches to
+ prevent long request times for certain requests.
+
+ firstSearcher - fired whenever a new searcher is being
+ prepared but there is no current registered searcher to handle
+ requests or to gain autowarming data from.
+
+
+ -->
+ <!-- QuerySenderListener takes an array of NamedList and executes a
+ local query request for each NamedList in sequence.
+ -->
+ <listener event="newSearcher" class="solr.QuerySenderListener">
+ <arr name="queries">
+ <!--
+ <lst><str name="q">solr</str><str name="sort">price asc</str></lst>
+ <lst><str name="q">rocks</str><str name="sort">weight asc</str></lst>
+ -->
+ </arr>
+ </listener>
+ <listener event="firstSearcher" class="solr.QuerySenderListener">
+ <arr name="queries">
+ <lst>
+ <str name="q">static firstSearcher warming in solrconfig.xml</str>
+ </lst>
+ </arr>
+ </listener>
+
+ <!-- Use Cold Searcher
+
+ If a search request comes in and there is no current
+ registered searcher, then immediately register the still
+ warming searcher and use it. If "false" then all requests
+ will block until the first searcher is done warming.
+ -->
+ <useColdSearcher>true</useColdSearcher>
+
+ <!-- Max Warming Searchers
+
+ Maximum number of searchers that may be warming in the
+ background concurrently. An error is returned if this limit
+ is exceeded.
+
+ Recommend values of 1-2 for read-only slaves, higher for
+ masters w/o cache warming.
+ -->
+ <maxWarmingSearchers>2</maxWarmingSearchers>
+
+ </query>
+
+
+ <!-- Request Dispatcher
+
+ This section contains instructions for how the SolrDispatchFilter
+ should behave when processing requests for this SolrCore.
+
+ handleSelect is a legacy option that affects the behavior of requests
+ such as /select?qt=XXX
+
+ handleSelect="true" will cause the SolrDispatchFilter to process
+ the request and dispatch the query to a handler specified by the
+ "qt" param, assuming "/select" isn't already registered.
+
+ handleSelect="false" will cause the SolrDispatchFilter to
+ ignore "/select" requests, resulting in a 404 unless a handler
+ is explicitly registered with the name "/select"
+
+ handleSelect="true" is not recommended for new users, but is the default
+ for backwards compatibility
+ -->
+ <requestDispatcher handleSelect="false" >
+ <!-- Request Parsing
+
+ These settings indicate how Solr Requests may be parsed, and
+ what restrictions may be placed on the ContentStreams from
+ those requests
+
+ enableRemoteStreaming - enables use of the stream.file
+ and stream.url parameters for specifying remote streams.
+
+ multipartUploadLimitInKB - specifies the max size (in KiB) of
+ Multipart File Uploads that Solr will allow in a Request.
+
+ formdataUploadLimitInKB - specifies the max size (in KiB) of
+ form data (application/x-www-form-urlencoded) sent via
+ POST. You can use POST to pass request parameters not
+ fitting into the URL.
+
+ addHttpRequestToContext - if set to true, it will instruct
+ the requestParsers to include the original HttpServletRequest
+ object in the context map of the SolrQueryRequest under the
+ key "httpRequest". It will not be used by any of the existing
+ Solr components, but may be useful when developing custom
+ plugins.
+
+ *** WARNING ***
+ The settings below authorize Solr to fetch remote files, You
+ should make sure your system has some authentication before
+ using enableRemoteStreaming="true"
+
+ -->
+ <requestParsers enableRemoteStreaming="true"
+ multipartUploadLimitInKB="2048000"
+ formdataUploadLimitInKB="2048"
+ addHttpRequestToContext="false"/>
+
+ <!-- HTTP Caching
+
+ Set HTTP caching related parameters (for proxy caches and clients).
+
+ The options below instruct Solr not to output any HTTP Caching
+ related headers
+ -->
+ <httpCaching never304="true" />
+ <!-- If you include a <cacheControl> directive, it will be used to
+ generate a Cache-Control header (as well as an Expires header
+ if the value contains "max-age=")
+
+ By default, no Cache-Control header is generated.
+
+ You can use the <cacheControl> option even if you have set
+ never304="true"
+ -->
+ <!--
+ <httpCaching never304="true" >
+ <cacheControl>max-age=30, public</cacheControl>
+ </httpCaching>
+ -->
+ <!-- To enable Solr to respond with automatically generated HTTP
+ Caching headers, and to response to Cache Validation requests
+ correctly, set the value of never304="false"
+
+ This will cause Solr to generate Last-Modified and ETag
+ headers based on the properties of the Index.
+
+ The following options can also be specified to affect the
+ values of these headers...
+
+ lastModFrom - the default value is "openTime" which means the
+ Last-Modified value (and validation against If-Modified-Since
+ requests) will all be relative to when the current Searcher
+ was opened. You can change it to lastModFrom="dirLastMod" if
+ you want the value to exactly correspond to when the physical
+ index was last modified.
+
+ etagSeed="..." is an option you can change to force the ETag
+ header (and validation against If-None-Match requests) to be
+ different even if the index has not changed (ie: when making
+ significant changes to your config file)
+
+ (lastModifiedFrom and etagSeed are both ignored if you use
+ the never304="true" option)
+ -->
+ <!--
+ <httpCaching lastModifiedFrom="openTime"
+ etagSeed="Solr">
+ <cacheControl>max-age=30, public</cacheControl>
+ </httpCaching>
+ -->
+ </requestDispatcher>
+
+ <!-- Request Handlers
+
+ http://wiki.apache.org/solr/SolrRequestHandler
+
+ Incoming queries will be dispatched to a specific handler by name
+ based on the path specified in the request.
+
+ Legacy behavior: If the request path uses "/select" but no Request
+ Handler has that name, and if handleSelect="true" has been specified in
+ the requestDispatcher, then the Request Handler is dispatched based on
+ the qt parameter. Handlers without a leading '/' are accessed this way
+ like so: http://host/app/[core/]select?qt=name If no qt is
+ given, then the requestHandler that declares default="true" will be
+ used or the one named "standard".
+
+ If a Request Handler is declared with startup="lazy", then it will
+ not be initialized until the first request that uses it.
+
+ -->
+
+ <requestHandler name="/dataimport" class="solr.DataImportHandler">
+ <lst name="defaults">
+ <str name="config">solr-data-config.xml</str>
+ </lst>
+ </requestHandler>
+
+ <!-- SearchHandler
+
+ http://wiki.apache.org/solr/SearchHandler
+
+ For processing Search Queries, the primary Request Handler
+ provided with Solr is "SearchHandler" It delegates to a sequent
+ of SearchComponents (see below) and supports distributed
+ queries across multiple shards
+ -->
+ <requestHandler name="/select" class="solr.SearchHandler">
+ <!-- default values for query parameters can be specified, these
+ will be overridden by parameters in the request
+ -->
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+ <int name="rows">10</int>
+ <str name="df">text</str>
+ </lst>
+ <!-- In addition to defaults, "appends" params can be specified
+ to identify values which should be appended to the list of
+ multi-val params from the query (or the existing "defaults").
+ -->
+ <!-- In this example, the param "fq=instock:true" would be appended to
+ any query time fq params the user may specify, as a mechanism for
+ partitioning the index, independent of any user selected filtering
+ that may also be desired (perhaps as a result of faceted searching).
+
+ NOTE: there is *absolutely* nothing a client can do to prevent these
+ "appends" values from being used, so don't use this mechanism
+ unless you are sure you always want it.
+ -->
+ <!--
+ <lst name="appends">
+ <str name="fq">inStock:true</str>
+ </lst>
+ -->
+ <!-- "invariants" are a way of letting the Solr maintainer lock down
+ the options available to Solr clients. Any params values
+ specified here are used regardless of what values may be specified
+ in either the query, the "defaults", or the "appends" params.
+
+ In this example, the facet.field and facet.query params would
+ be fixed, limiting the facets clients can use. Faceting is
+ not turned on by default - but if the client does specify
+ facet=true in the request, these are the only facets they
+ will be able to see counts for; regardless of what other
+ facet.field or facet.query params they may specify.
+
+ NOTE: there is *absolutely* nothing a client can do to prevent these
+ "invariants" values from being used, so don't use this mechanism
+ unless you are sure you always want it.
+ -->
+ <!--
+ <lst name="invariants">
+ <str name="facet.field">cat</str>
+ <str name="facet.field">manu_exact</str>
+ <str name="facet.query">price:[* TO 500]</str>
+ <str name="facet.query">price:[500 TO *]</str>
+ </lst>
+ -->
+ <!-- If the default list of SearchComponents is not desired, that
+ list can either be overridden completely, or components can be
+ prepended or appended to the default list. (see below)
+ -->
+ <!--
+ <arr name="components">
+ <str>nameOfCustomComponent1</str>
+ <str>nameOfCustomComponent2</str>
+ </arr>
+ -->
+ </requestHandler>
+
+ <!-- A request handler that returns indented JSON by default -->
+ <requestHandler name="/query" class="solr.SearchHandler">
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+ <str name="wt">json</str>
+ <str name="indent">true</str>
+ <str name="df">text</str>
+ </lst>
+ </requestHandler>
+
+
+ <!-- realtime get handler, guaranteed to return the latest stored fields of
+ any document, without the need to commit or open a new searcher. The
+ current implementation relies on the updateLog feature being enabled.
+
+ ** WARNING **
+ Do NOT disable the realtime get handler at /get if you are using
+ SolrCloud otherwise any leader election will cause a full sync in ALL
+ replicas for the shard in question. Similarly, a replica recovery will
+ also always fetch the complete index from the leader because a partial
+ sync will not be possible in the absence of this handler.
+ -->
+ <requestHandler name="/get" class="solr.RealTimeGetHandler">
+ <lst name="defaults">
+ <str name="omitHeader">true</str>
+ <str name="wt">json</str>
+ <str name="indent">true</str>
+ </lst>
+ </requestHandler>
+
+
+ <!-- A Robust Example
+
+ This example SearchHandler declaration shows off usage of the
+ SearchHandler with many defaults declared
+
+ Note that multiple instances of the same Request Handler
+ (SearchHandler) can be registered multiple times with different
+ names (and different init parameters)
+ -->
+ <requestHandler name="/browse" class="solr.SearchHandler">
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+
+ <!-- VelocityResponseWriter settings -->
+ <str name="wt">velocity</str>
+ <str name="v.template">browse</str>
+ <str name="v.layout">layout</str>
+
+ <!-- Query settings -->
+ <str name="defType">edismax</str>
+ <str name="q.alt">*:*</str>
+ <str name="rows">10</str>
+ <str name="fl">*,score</str>
+
+ <!-- Faceting defaults -->
+ <str name="facet">on</str>
+ <str name="facet.mincount">1</str>
+ </lst>
+ </requestHandler>
+
+
+ <initParams path="/update/**,/query,/select,/tvrh,/elevate,/spell,/browse">
+ <lst name="defaults">
+ <str name="df">text</str>
+ <str name="update.chain">add-unknown-fields-to-the-schema</str>
+ </lst>
+ </initParams>
+
+ <!-- Update Request Handler.
+
+ http://wiki.apache.org/solr/UpdateXmlMessages
+
+ The canonical Request Handler for Modifying the Index through
+ commands specified using XML, JSON, CSV, or JAVABIN
+
+ Note: Since solr1.1 requestHandlers requires a valid content
+ type header if posted in the body. For example, curl now
+ requires: -H 'Content-type:text/xml; charset=utf-8'
+
+ To override the request content type and force a specific
+ Content-type, use the request parameter:
+ ?update.contentType=text/csv
+
+ This handler will pick a response format to match the input
+ if the 'wt' parameter is not explicit
+ -->
+ <requestHandler name="/update" class="solr.UpdateRequestHandler">
+ <!-- See below for information on defining
+ updateRequestProcessorChains that can be used by name
+ on each Update Request
+ -->
+ <!--
+ <lst name="defaults">
+ <str name="update.chain">dedupe</str>
+ </lst>
+ -->
+ </requestHandler>
+
+ <!-- Solr Cell Update Request Handler
+
+ http://wiki.apache.org/solr/ExtractingRequestHandler
+
+ -->
+ <requestHandler name="/update/extract"
+ startup="lazy"
+ class="solr.extraction.ExtractingRequestHandler" >
+ <lst name="defaults">
+ <str name="lowernames">true</str>
+ <str name="uprefix">ignored_</str>
+
+ <!-- capture link hrefs but ignore div attributes -->
+ <str name="captureAttr">true</str>
+ <str name="fmap.a">links</str>
+ <str name="fmap.div">ignored_</str>
+ </lst>
+ </requestHandler>
+
+
+ <!-- Field Analysis Request Handler
+
+ RequestHandler that provides much the same functionality as
+ analysis.jsp. Provides the ability to specify multiple field
+ types and field names in the same request and outputs
+ index-time and query-time analysis for each of them.
+
+ Request parameters are:
+ analysis.fieldname - field name whose analyzers are to be used
+
+ analysis.fieldtype - field type whose analyzers are to be used
+ analysis.fieldvalue - text for index-time analysis
+ q (or analysis.q) - text for query time analysis
+ analysis.showmatch (true|false) - When set to true and when
+ query analysis is performed, the produced tokens of the
+ field value analysis will be marked as "matched" for every
+ token that is produces by the query analysis
+ -->
+ <requestHandler name="/analysis/field"
+ startup="lazy"
+ class="solr.FieldAnalysisRequestHandler" />
+
+
+ <!-- Document Analysis Handler
+
+ http://wiki.apache.org/solr/AnalysisRequestHandler
+
+ An analysis handler that provides a breakdown of the analysis
+ process of provided documents. This handler expects a (single)
+ content stream with the following format:
+
+ <docs>
+ <doc>
+ <field name="id">1</field>
+ <field name="name">The Name</field>
+ <field name="text">The Text Value</field>
+ </doc>
+ <doc>...</doc>
+ <doc>...</doc>
+ ...
+ </docs>
+
+ Note: Each document must contain a field which serves as the
+ unique key. This key is used in the returned response to associate
+ an analysis breakdown to the analyzed document.
+
+ Like the FieldAnalysisRequestHandler, this handler also supports
+ query analysis by sending either an "analysis.query" or "q"
+ request parameter that holds the query text to be analyzed. It
+ also supports the "analysis.showmatch" parameter which when set to
+ true, all field tokens that match the query tokens will be marked
+ as a "match".
+ -->
+ <requestHandler name="/analysis/document"
+ class="solr.DocumentAnalysisRequestHandler"
+ startup="lazy" />
+
+ <!-- This single handler is equivalent to the following... -->
+ <!--
+ <requestHandler name="/admin/luke" class="solr.admin.LukeRequestHandler" />
+ <requestHandler name="/admin/system" class="solr.admin.SystemInfoHandler" />
+ <requestHandler name="/admin/plugins" class="solr.admin.PluginInfoHandler" />
+ <requestHandler name="/admin/threads" class="solr.admin.ThreadDumpHandler" />
+ <requestHandler name="/admin/properties" class="solr.admin.PropertiesRequestHandler" />
+ <requestHandler name="/admin/file" class="solr.admin.ShowFileRequestHandler" >
+ -->
+ <!-- If you wish to hide files under ${solr.home}/conf, explicitly
+ register the ShowFileRequestHandler using the definition below.
+ NOTE: The glob pattern ('*') is the only pattern supported at present, *.xml will
+ not exclude all files ending in '.xml'. Use it to exclude _all_ updates
+ -->
+ <!--
+ <requestHandler name="/admin/file"
+ class="solr.admin.ShowFileRequestHandler" >
+ <lst name="invariants">
+ <str name="hidden">synonyms.txt</str>
+ <str name="hidden">anotherfile.txt</str>
+ <str name="hidden">*</str>
+ </lst>
+ </requestHandler>
+ -->
+
+ <!--
+ Enabling this request handler (which is NOT a default part of the admin handler) will allow the Solr UI to edit
+ all the config files. This is intended for secure/development use ONLY! Leaving available and publically
+ accessible is a security vulnerability and should be done with extreme caution!
+ -->
+ <!--
+ <requestHandler name="/admin/fileedit" class="solr.admin.EditFileRequestHandler" >
+ <lst name="invariants">
+ <str name="hidden">synonyms.txt</str>
+ <str name="hidden">anotherfile.txt</str>
+ </lst>
+ </requestHandler>
+ -->
+ <!-- ping/healthcheck -->
+ <requestHandler name="/admin/ping" class="solr.PingRequestHandler">
+ <lst name="invariants">
+ <str name="q">solrpingquery</str>
+ </lst>
+ <lst name="defaults">
+ <str name="echoParams">all</str>
+ </lst>
+ <!-- An optional feature of the PingRequestHandler is to configure the
+ handler with a "healthcheckFile" which can be used to enable/disable
+ the PingRequestHandler.
+ relative paths are resolved against the data dir
+ -->
+ <!-- <str name="healthcheckFile">server-enabled.txt</str> -->
+ </requestHandler>
+
+ <!-- Echo the request contents back to the client -->
+ <requestHandler name="/debug/dump" class="solr.DumpRequestHandler" >
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+ <str name="echoHandler">true</str>
+ </lst>
+ </requestHandler>
+
+ <!-- Solr Replication
+
+ The SolrReplicationHandler supports replicating indexes from a
+ "master" used for indexing and "slaves" used for queries.
+
+ http://wiki.apache.org/solr/SolrReplication
+
+ It is also necessary for SolrCloud to function (in Cloud mode, the
+ replication handler is used to bulk transfer segments when nodes
+ are added or need to recover).
+
+ https://wiki.apache.org/solr/SolrCloud/
+ -->
+ <requestHandler name="/replication" class="solr.ReplicationHandler" >
+ <!--
+ To enable simple master/slave replication, uncomment one of the
+ sections below, depending on whether this solr instance should be
+ the "master" or a "slave". If this instance is a "slave" you will
+ also need to fill in the masterUrl to point to a real machine.
+ -->
+ <!--
+ <lst name="master">
+ <str name="replicateAfter">commit</str>
+ <str name="replicateAfter">startup</str>
+ <str name="confFiles">schema.xml,stopwords.txt</str>
+ </lst>
+ -->
+ <!--
+ <lst name="slave">
+ <str name="masterUrl">http://your-master-hostname:8983/solr</str>
+ <str name="pollInterval">00:00:60</str>
+ </lst>
+ -->
+ </requestHandler>
+
+ <!-- Search Components
+
+ Search components are registered to SolrCore and used by
+ instances of SearchHandler (which can access them by name)
+
+ By default, the following components are available:
+
+ <searchComponent name="query" class="solr.QueryComponent" />
+ <searchComponent name="facet" class="solr.FacetComponent" />
+ <searchComponent name="mlt" class="solr.MoreLikeThisComponent" />
+ <searchComponent name="highlight" class="solr.HighlightComponent" />
+ <searchComponent name="stats" class="solr.StatsComponent" />
+ <searchComponent name="debug" class="solr.DebugComponent" />
+
+ Default configuration in a requestHandler would look like:
+
+ <arr name="components">
+ <str>query</str>
+ <str>facet</str>
+ <str>mlt</str>
+ <str>highlight</str>
+ <str>stats</str>
+ <str>debug</str>
+ </arr>
+
+ If you register a searchComponent to one of the standard names,
+ that will be used instead of the default.
+
+ To insert components before or after the 'standard' components, use:
+
+ <arr name="first-components">
+ <str>myFirstComponentName</str>
+ </arr>
+
+ <arr name="last-components">
+ <str>myLastComponentName</str>
+ </arr>
+
+ NOTE: The component registered with the name "debug" will
+ always be executed after the "last-components"
+
+ -->
+
+ <!-- Spell Check
+
+ The spell check component can return a list of alternative spelling
+ suggestions.
+
+ http://wiki.apache.org/solr/SpellCheckComponent
+ -->
+ <searchComponent name="spellcheck" class="solr.SpellCheckComponent">
+
+ <str name="queryAnalyzerFieldType">text_general</str>
+
+ <!-- Multiple "Spell Checkers" can be declared and used by this
+ component
+ -->
+
+ <!-- a spellchecker built from a field of the main index -->
+ <lst name="spellchecker">
+ <str name="name">default</str>
+ <str name="field">text</str>
+ <str name="classname">solr.DirectSolrSpellChecker</str>
+ <!-- the spellcheck distance measure used, the default is the internal levenshtein -->
+ <str name="distanceMeasure">internal</str>
+ <!-- minimum accuracy needed to be considered a valid spellcheck suggestion -->
+ <float name="accuracy">0.5</float>
+ <!-- the maximum #edits we consider when enumerating terms: can be 1 or 2 -->
+ <int name="maxEdits">2</int>
+ <!-- the minimum shared prefix when enumerating terms -->
+ <int name="minPrefix">1</int>
+ <!-- maximum number of inspections per result. -->
+ <int name="maxInspections">5</int>
+ <!-- minimum length of a query term to be considered for correction -->
+ <int name="minQueryLength">4</int>
+ <!-- maximum threshold of documents a query term can appear to be considered for correction -->
+ <float name="maxQueryFrequency">0.01</float>
+ <!-- uncomment this to require suggestions to occur in 1% of the documents
+ <float name="thresholdTokenFrequency">.01</float>
+ -->
+ </lst>
+
+ <!-- a spellchecker that can break or combine words. See "/spell" handler below for usage -->
+ <lst name="spellchecker">
+ <str name="name">wordbreak</str>
+ <str name="classname">solr.WordBreakSolrSpellChecker</str>
+ <str name="field">name</str>
+ <str name="combineWords">true</str>
+ <str name="breakWords">true</str>
+ <int name="maxChanges">10</int>
+ </lst>
+
+ <!-- a spellchecker that uses a different distance measure -->
+ <!--
+ <lst name="spellchecker">
+ <str name="name">jarowinkler</str>
+ <str name="field">spell</str>
+ <str name="classname">solr.DirectSolrSpellChecker</str>
+ <str name="distanceMeasure">
+ org.apache.lucene.search.spell.JaroWinklerDistance
+ </str>
+ </lst>
+ -->
+
+ <!-- a spellchecker that use an alternate comparator
+
+ comparatorClass be one of:
+ 1. score (default)
+ 2. freq (Frequency first, then score)
+ 3. A fully qualified class name
+ -->
+ <!--
+ <lst name="spellchecker">
+ <str name="name">freq</str>
+ <str name="field">lowerfilt</str>
+ <str name="classname">solr.DirectSolrSpellChecker</str>
+ <str name="comparatorClass">freq</str>
+ -->
+
+ <!-- A spellchecker that reads the list of words from a file -->
+ <!--
+ <lst name="spellchecker">
+ <str name="classname">solr.FileBasedSpellChecker</str>
+ <str name="name">file</str>
+ <str name="sourceLocation">spellings.txt</str>
+ <str name="characterEncoding">UTF-8</str>
+ <str name="spellcheckIndexDir">spellcheckerFile</str>
+ </lst>
+ -->
+ </searchComponent>
+
+ <!-- A request handler for demonstrating the spellcheck component.
+
+ NOTE: This is purely as an example. The whole purpose of the
+ SpellCheckComponent is to hook it into the request handler that
+ handles your normal user queries so that a separate request is
+ not needed to get suggestions.
+
+ IN OTHER WORDS, THERE IS REALLY GOOD CHANCE THE SETUP BELOW IS
+ NOT WHAT YOU WANT FOR YOUR PRODUCTION SYSTEM!
+
+ See http://wiki.apache.org/solr/SpellCheckComponent for details
+ on the request parameters.
+ -->
+ <requestHandler name="/spell" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <str name="df">text</str>
+ <!-- Solr will use suggestions from both the 'default' spellchecker
+ and from the 'wordbreak' spellchecker and combine them.
+ collations (re-written queries) can include a combination of
+ corrections from both spellcheckers -->
+ <str name="spellcheck.dictionary">default</str>
+ <str name="spellcheck.dictionary">wordbreak</str>
+ <str name="spellcheck">on</str>
+ <str name="spellcheck.extendedResults">true</str>
+ <str name="spellcheck.count">10</str>
+ <str name="spellcheck.alternativeTermCount">5</str>
+ <str name="spellcheck.maxResultsForSuggest">5</str>
+ <str name="spellcheck.collate">true</str>
+ <str name="spellcheck.collateExtendedResults">true</str>
+ <str name="spellcheck.maxCollationTries">10</str>
+ <str name="spellcheck.maxCollations">5</str>
+ </lst>
+ <arr name="last-components">
+ <str>spellcheck</str>
+ </arr>
+ </requestHandler>
+
+ <searchComponent name="suggest" class="solr.SuggestComponent">
+ <lst name="suggester">
+ <str name="name">mySuggester</str>
+ <str name="lookupImpl">FuzzyLookupFactory</str> <!-- org.apache.solr.spelling.suggest.fst -->
+ <str name="dictionaryImpl">DocumentDictionaryFactory</str> <!-- org.apache.solr.spelling.suggest.HighFrequencyDictionaryFactory -->
+ <str name="field">cat</str>
+ <str name="weightField">price</str>
+ <str name="suggestAnalyzerFieldType">string</str>
+ </lst>
+ </searchComponent>
+
+ <requestHandler name="/suggest" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <str name="suggest">true</str>
+ <str name="suggest.count">10</str>
+ </lst>
+ <arr name="components">
+ <str>suggest</str>
+ </arr>
+ </requestHandler>
+ <!-- Term Vector Component
+
+ http://wiki.apache.org/solr/TermVectorComponent
+ -->
+ <searchComponent name="tvComponent" class="solr.TermVectorComponent"/>
+
+ <!-- A request handler for demonstrating the term vector component
+
+ This is purely as an example.
+
+ In reality you will likely want to add the component to your
+ already specified request handlers.
+ -->
+ <requestHandler name="/tvrh" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <str name="df">text</str>
+ <bool name="tv">true</bool>
+ </lst>
+ <arr name="last-components">
+ <str>tvComponent</str>
+ </arr>
+ </requestHandler>
+
+ <!-- Clustering Component
+
+ You'll need to set the solr.clustering.enabled system property
+ when running solr to run with clustering enabled:
+
+ java -Dsolr.clustering.enabled=true -jar start.jar
+
+ http://wiki.apache.org/solr/ClusteringComponent
+ http://carrot2.github.io/solr-integration-strategies/
+ -->
+ <searchComponent name="clustering"
+ enable="${solr.clustering.enabled:false}"
+ class="solr.clustering.ClusteringComponent" >
+ <lst name="engine">
+ <str name="name">lingo</str>
+
+ <!-- Class name of a clustering algorithm compatible with the Carrot2 framework.
+
+ Currently available open source algorithms are:
+ * org.carrot2.clustering.lingo.LingoClusteringAlgorithm
+ * org.carrot2.clustering.stc.STCClusteringAlgorithm
+ * org.carrot2.clustering.kmeans.BisectingKMeansClusteringAlgorithm
+
+ See http://project.carrot2.org/algorithms.html for more information.
+
+ A commercial algorithm Lingo3G (needs to be installed separately) is defined as:
+ * com.carrotsearch.lingo3g.Lingo3GClusteringAlgorithm
+ -->
+ <str name="carrot.algorithm">org.carrot2.clustering.lingo.LingoClusteringAlgorithm</str>
+
+ <!-- Override location of the clustering algorithm's resources
+ (attribute definitions and lexical resources).
+
+ A directory from which to load algorithm-specific stop words,
+ stop labels and attribute definition XMLs.
+
+ For an overview of Carrot2 lexical resources, see:
+ http://download.carrot2.org/head/manual/#chapter.lexical-resources
+
+ For an overview of Lingo3G lexical resources, see:
+ http://download.carrotsearch.com/lingo3g/manual/#chapter.lexical-resources
+ -->
+ <str name="carrot.resourcesDir">clustering/carrot2</str>
+ </lst>
+
+ <!-- An example definition for the STC clustering algorithm. -->
+ <lst name="engine">
+ <str name="name">stc</str>
+ <str name="carrot.algorithm">org.carrot2.clustering.stc.STCClusteringAlgorithm</str>
+ </lst>
+
+ <!-- An example definition for the bisecting kmeans clustering algorithm. -->
+ <lst name="engine">
+ <str name="name">kmeans</str>
+ <str name="carrot.algorithm">org.carrot2.clustering.kmeans.BisectingKMeansClusteringAlgorithm</str>
+ </lst>
+ </searchComponent>
+
+ <!-- A request handler for demonstrating the clustering component
+
+ This is purely as an example.
+
+ In reality you will likely want to add the component to your
+ already specified request handlers.
+ -->
+ <requestHandler name="/clustering"
+ startup="lazy"
+ enable="${solr.clustering.enabled:false}"
+ class="solr.SearchHandler">
+ <lst name="defaults">
+ <bool name="clustering">true</bool>
+ <bool name="clustering.results">true</bool>
+ <!-- Field name with the logical "title" of a each document (optional) -->
+ <str name="carrot.title">name</str>
+ <!-- Field name with the logical "URL" of a each document (optional) -->
+ <str name="carrot.url">id</str>
+ <!-- Field name with the logical "content" of a each document (optional) -->
+ <str name="carrot.snippet">features</str>
+ <!-- Apply highlighter to the title/ content and use this for clustering. -->
+ <bool name="carrot.produceSummary">true</bool>
+ <!-- the maximum number of labels per cluster -->
+ <!--<int name="carrot.numDescriptions">5</int>-->
+ <!-- produce sub clusters -->
+ <bool name="carrot.outputSubClusters">false</bool>
+
+ <!-- Configure the remaining request handler parameters. -->
+ <str name="defType">edismax</str>
+ <str name="qf">
+ text^0.5 features^1.0 name^1.2 sku^1.5 id^10.0 manu^1.1 cat^1.4
+ </str>
+ <str name="q.alt">*:*</str>
+ <str name="rows">10</str>
+ <str name="fl">*,score</str>
+ </lst>
+ <arr name="last-components">
+ <str>clustering</str>
+ </arr>
+ </requestHandler>
+
+ <!-- Terms Component
+
+ http://wiki.apache.org/solr/TermsComponent
+
+ A component to return terms and document frequency of those
+ terms
+ -->
+ <searchComponent name="terms" class="solr.TermsComponent"/>
+
+ <!-- A request handler for demonstrating the terms component -->
+ <requestHandler name="/terms" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <bool name="terms">true</bool>
+ <bool name="distrib">false</bool>
+ </lst>
+ <arr name="components">
+ <str>terms</str>
+ </arr>
+ </requestHandler>
+
+
+ <!-- Query Elevation Component
+
+ http://wiki.apache.org/solr/QueryElevationComponent
+
+ a search component that enables you to configure the top
+ results for a given query regardless of the normal lucene
+ scoring.
+ -->
+ <searchComponent name="elevator" class="solr.QueryElevationComponent" >
+ <!-- pick a fieldType to analyze queries -->
+ <str name="queryFieldType">string</str>
+ <str name="config-file">elevate.xml</str>
+ </searchComponent>
+
+ <!-- A request handler for demonstrating the elevator component -->
+ <requestHandler name="/elevate" class="solr.SearchHandler" startup="lazy">
+ <lst name="defaults">
+ <str name="echoParams">explicit</str>
+ <str name="df">text</str>
+ </lst>
+ <arr name="last-components">
+ <str>elevator</str>
+ </arr>
+ </requestHandler>
+
+ <!-- Highlighting Component
+
+ http://wiki.apache.org/solr/HighlightingParameters
+ -->
+ <searchComponent class="solr.HighlightComponent" name="highlight">
+ <highlighting>
+ <!-- Configure the standard fragmenter -->
+ <!-- This could most likely be commented out in the "default" case -->
+ <fragmenter name="gap"
+ default="true"
+ class="solr.highlight.GapFragmenter">
+ <lst name="defaults">
+ <int name="hl.fragsize">100</int>
+ </lst>
+ </fragmenter>
+
+ <!-- A regular-expression-based fragmenter
+ (for sentence extraction)
+ -->
+ <fragmenter name="regex"
+ class="solr.highlight.RegexFragmenter">
+ <lst name="defaults">
+ <!-- slightly smaller fragsizes work better because of slop -->
+ <int name="hl.fragsize">70</int>
+ <!-- allow 50% slop on fragment sizes -->
+ <float name="hl.regex.slop">0.5</float>
+ <!-- a basic sentence pattern -->
+ <str name="hl.regex.pattern">[-\w ,/\n\"']{20,200}</str>
+ </lst>
+ </fragmenter>
+
+ <!-- Configure the standard formatter -->
+ <formatter name="html"
+ default="true"
+ class="solr.highlight.HtmlFormatter">
+ <lst name="defaults">
+ <str name="hl.simple.pre"><![CDATA[<em>]]></str>
+ <str name="hl.simple.post"><![CDATA[</em>]]></str>
+ </lst>
+ </formatter>
+
+ <!-- Configure the standard encoder -->
+ <encoder name="html"
+ class="solr.highlight.HtmlEncoder" />
+
+ <!-- Configure the standard fragListBuilder -->
+ <fragListBuilder name="simple"
+ class="solr.highlight.SimpleFragListBuilder"/>
+
+ <!-- Configure the single fragListBuilder -->
+ <fragListBuilder name="single"
+ class="solr.highlight.SingleFragListBuilder"/>
+
+ <!-- Configure the weighted fragListBuilder -->
+ <fragListBuilder name="weighted"
+ default="true"
+ class="solr.highlight.WeightedFragListBuilder"/>
+
+ <!-- default tag FragmentsBuilder -->
+ <fragmentsBuilder name="default"
+ default="true"
+ class="solr.highlight.ScoreOrderFragmentsBuilder">
+ <!--
+ <lst name="defaults">
+ <str name="hl.multiValuedSeparatorChar">/</str>
+ </lst>
+ -->
+ </fragmentsBuilder>
+
+ <!-- multi-colored tag FragmentsBuilder -->
+ <fragmentsBuilder name="colored"
+ class="solr.highlight.ScoreOrderFragmentsBuilder">
+ <lst name="defaults">
+ <str name="hl.tag.pre"><![CDATA[
+ <b style="background:yellow">,<b style="background:lawgreen">,
+ <b style="background:aquamarine">,<b style="background:magenta">,
+ <b style="background:palegreen">,<b style="background:coral">,
+ <b style="background:wheat">,<b style="background:khaki">,
+ <b style="background:lime">,<b style="background:deepskyblue">]]></str>
+ <str name="hl.tag.post"><![CDATA[</b>]]></str>
+ </lst>
+ </fragmentsBuilder>
+
+ <boundaryScanner name="default"
+ default="true"
+ class="solr.highlight.SimpleBoundaryScanner">
+ <lst name="defaults">
+ <str name="hl.bs.maxScan">10</str>
+ <str name="hl.bs.chars">.,!? 	 </str>
+ </lst>
+ </boundaryScanner>
+
+ <boundaryScanner name="breakIterator"
+ class="solr.highlight.BreakIteratorBoundaryScanner">
+ <lst name="defaults">
+ <!-- type should be one of CHARACTER, WORD(default), LINE and SENTENCE -->
+ <str name="hl.bs.type">WORD</str>
+ <!-- language and country are used when constructing Locale object. -->
+ <!-- And the Locale object will be used when getting instance of BreakIterator -->
+ <str name="hl.bs.language">en</str>
+ <str name="hl.bs.country">US</str>
+ </lst>
+ </boundaryScanner>
+ </highlighting>
+ </searchComponent>
+
+ <!-- Update Processors
+
+ Chains of Update Processor Factories for dealing with Update
+ Requests can be declared, and then used by name in Update
+ Request Processors
+
+ http://wiki.apache.org/solr/UpdateRequestProcessor
+
+ -->
+
+ <!-- Add unknown fields to the schema
+
+ An example field type guessing update processor that will
+ attempt to parse string-typed field values as Booleans, Longs,
+ Doubles, or Dates, and then add schema fields with the guessed
+ field types.
+
+ This requires that the schema is both managed and mutable, by
+ declaring schemaFactory as ManagedIndexSchemaFactory, with
+ mutable specified as true.
+
+ See http://wiki.apache.org/solr/GuessingFieldTypes
+ -->
+ <updateRequestProcessorChain name="add-unknown-fields-to-the-schema">
+ <processor class="solr.DefaultValueUpdateProcessorFactory">
+ <str name="fieldName">_ttl_</str>
+ <str name="value">+{{ranger_audit_max_retention_days}}DAYS</str>
+ </processor>
+ <processor class="solr.processor.DocExpirationUpdateProcessorFactory">
+ <int name="autoDeletePeriodSeconds">86400</int>
+ <str name="ttlFieldName">_ttl_</str>
+ <str name="expirationFieldName">_expire_at_</str>
+ </processor>
+ <processor class="solr.FirstFieldValueUpdateProcessorFactory">
+ <str name="fieldName">_expire_at_</str>
+ </processor>
+
+ <processor class="solr.RemoveBlankFieldUpdateProcessorFactory"/>
+ <processor class="solr.ParseBooleanFieldUpdateProcessorFactory"/>
+ <processor class="solr.ParseLongFieldUpdateProcessorFactory"/>
+ <processor class="solr.ParseDoubleFieldUpdateProcessorFactory"/>
+ <processor class="solr.ParseDateFieldUpdateProcessorFactory">
+ <arr name="format">
+ <str>yyyy-MM-dd'T'HH:mm:ss.SSSZ</str>
+ <str>yyyy-MM-dd'T'HH:mm:ss,SSSZ</str>
+ <str>yyyy-MM-dd'T'HH:mm:ss.SSS</str>
+ <str>yyyy-MM-dd'T'HH:mm:ss,SSS</str>
+ <str>yyyy-MM-dd'T'HH:mm:ssZ</str>
+ <str>yyyy-MM-dd'T'HH:mm:ss</str>
+ <str>yyyy-MM-dd'T'HH:mmZ</str>
+ <str>yyyy-MM-dd'T'HH:mm</str>
+ <str>yyyy-MM-dd HH:mm:ss.SSSZ</str>
+ <str>yyyy-MM-dd HH:mm:ss,SSSZ</str>
+ <str>yyyy-MM-dd HH:mm:ss.SSS</str>
+ <str>yyyy-MM-dd HH:mm:ss,SSS</str>
+ <str>yyyy-MM-dd HH:mm:ssZ</str>
+ <str>yyyy-MM-dd HH:mm:ss</str>
+ <str>yyyy-MM-dd HH:mmZ</str>
+ <str>yyyy-MM-dd HH:mm</str>
+ <str>yyyy-MM-dd</str>
+ </arr>
+ </processor>
+ <processor class="solr.AddSchemaFieldsUpdateProcessorFactory">
+ <str name="defaultFieldType">key_lower_case</str>
+ <lst name="typeMapping">
+ <str name="valueClass">java.lang.Boolean</str>
+ <str name="fieldType">boolean</str>
+ </lst>
+ <lst name="typeMapping">
+ <str name="valueClass">java.util.Date</str>
+ <str name="fieldType">tdate</str>
+ </lst>
+ <lst name="typeMapping">
+ <str name="valueClass">java.lang.Long</str>
+ <str name="valueClass">java.lang.Integer</str>
+ <str name="fieldType">tlong</str>
+ </lst>
+ <lst name="typeMapping">
+ <str name="valueClass">java.lang.Number</str>
+ <str name="fieldType">tdouble</str>
+ </lst>
+ </processor>
+ <processor class="solr.LogUpdateProcessorFactory"/>
+ <processor class="solr.RunUpdateProcessorFactory"/>
+ </updateRequestProcessorChain>
+
+
+ <!-- Deduplication
+
+ An example dedup update processor that creates the "id" field
+ on the fly based on the hash code of some other fields. This
+ example has overwriteDupes set to false since we are using the
+ id field as the signatureField and Solr will maintain
+ uniqueness based on that anyway.
+
+ -->
+ <!--
+ <updateRequestProcessorChain name="dedupe">
+ <processor class="solr.processor.SignatureUpdateProcessorFactory">
+ <bool name="enabled">true</bool>
+ <str name="signatureField">id</str>
+ <bool name="overwriteDupes">false</bool>
+ <str name="fields">name,features,cat</str>
+ <str name="signatureClass">solr.processor.Lookup3Signature</str>
+ </processor>
+ <processor class="solr.LogUpdateProcessorFactory" />
+ <processor class="solr.RunUpdateProcessorFactory" />
+ </updateRequestProcessorChain>
+ -->
+
+ <!-- Language identification
+
+ This example update chain identifies the language of the incoming
+ documents using the langid contrib. The detected language is
+ written to field language_s. No field name mapping is done.
+ The fields used for detection are text, title, subject and description,
+ making this example suitable for detecting languages form full-text
+ rich documents injected via ExtractingRequestHandler.
+ See more about langId at http://wiki.apache.org/solr/LanguageDetection
+ -->
+ <!--
+ <updateRequestProcessorChain name="langid">
+ <processor class="org.apache.solr.update.processor.TikaLanguageIdentifierUpdateProcessorFactory">
+ <str name="langid.fl">text,title,subject,description</str>
+ <str name="langid.langField">language_s</str>
+ <str name="langid.fallback">en</str>
+ </processor>
+ <processor class="solr.LogUpdateProcessorFactory" />
+ <processor class="solr.RunUpdateProcessorFactory" />
+ </updateRequestProcessorChain>
+ -->
+
+ <!-- Script update processor
+
+ This example hooks in an update processor implemented using JavaScript.
+
+ See more about the script update processor at http://wiki.apache.org/solr/ScriptUpdateProcessor
+ -->
+ <!--
+ <updateRequestProcessorChain name="script">
+ <processor class="solr.StatelessScriptUpdateProcessorFactory">
+ <str name="script">update-script.js</str>
+ <lst name="params">
+ <str name="config_param">example config parameter</str>
+ </lst>
+ </processor>
+ <processor class="solr.RunUpdateProcessorFactory" />
+ </updateRequestProcessorChain>
+ -->
+
+ <!-- Response Writers
+
+ http://wiki.apache.org/solr/QueryResponseWriter
+
+ Request responses will be written using the writer specified by
+ the 'wt' request parameter matching the name of a registered
+ writer.
+
+ The "default" writer is the default and will be used if 'wt' is
+ not specified in the request.
+ -->
+ <!-- The following response writers are implicitly configured unless
+ overridden...
+ -->
+ <!--
+ <queryResponseWriter name="xml"
+ default="true"
+ class="solr.XMLResponseWriter" />
+ <queryResponseWriter name="json" class="solr.JSONResponseWriter"/>
+ <queryResponseWriter name="python" class="solr.PythonResponseWriter"/>
+ <queryResponseWriter name="ruby" class="solr.RubyResponseWriter"/>
+ <queryResponseWriter name="php" class="solr.PHPResponseWriter"/>
+ <queryResponseWriter name="phps" class="solr.PHPSerializedResponseWriter"/>
+ <queryResponseWriter name="csv" class="solr.CSVResponseWriter"/>
+ <queryResponseWriter name="schema.xml" class="solr.SchemaXmlResponseWriter"/>
+ -->
+
+ <queryResponseWriter name="json" class="solr.JSONResponseWriter">
+ <!-- For the purposes of the tutorial, JSON responses are written as
+ plain text so that they are easy to read in *any* browser.
+ If you expect a MIME type of "application/json" just remove this override.
+ -->
+ <str name="content-type">text/plain; charset=UTF-8</str>
+ </queryResponseWriter>
+
+ <!--
+ Custom response writers can be declared as needed...
+ -->
+ <queryResponseWriter name="velocity" class="solr.VelocityResponseWriter" startup="lazy">
+ <str name="template.base.dir">${velocity.template.base.dir:}</str>
+ </queryResponseWriter>
+
+ <!-- XSLT response writer transforms the XML output by any xslt file found
+ in Solr's conf/xslt directory. Changes to xslt files are checked for
+ every xsltCacheLifetimeSeconds.
+ -->
+ <queryResponseWriter name="xslt" class="solr.XSLTResponseWriter">
+ <int name="xsltCacheLifetimeSeconds">5</int>
+ </queryResponseWriter>
+
+ <!-- Query Parsers
+
+ http://wiki.apache.org/solr/SolrQuerySyntax
+
+ Multiple QParserPlugins can be registered by name, and then
+ used in either the "defType" param for the QueryComponent (used
+ by SearchHandler) or in LocalParams
+ -->
+ <!-- example of registering a query parser -->
+ <!--
+ <queryParser name="myparser" class="com.mycompany.MyQParserPlugin"/>
+ -->
+
+ <!-- Function Parsers
+
+ http://wiki.apache.org/solr/FunctionQuery
+
+ Multiple ValueSourceParsers can be registered by name, and then
+ used as function names when using the "func" QParser.
+ -->
+ <!-- example of registering a custom function parser -->
+ <!--
+ <valueSourceParser name="myfunc"
+ class="com.mycompany.MyValueSourceParser" />
+ -->
+
+
+ <!-- Document Transformers
+ http://wiki.apache.org/solr/DocTransformers
+ -->
+ <!--
+ Could be something like:
+ <transformer name="db" class="com.mycompany.LoadFromDatabaseTransformer" >
+ <int name="connection">jdbc://....</int>
+ </transformer>
+
+ To add a constant value to all docs, use:
+ <transformer name="mytrans2" class="org.apache.solr.response.transform.ValueAugmenterFactory" >
+ <int name="value">5</int>
+ </transformer>
+
+ If you want the user to still be able to change it with _value:something_ use this:
+ <transformer name="mytrans3" class="org.apache.solr.response.transform.ValueAugmenterFactory" >
+ <double name="defaultValue">5</double>
+ </transformer>
+
+ If you are using the QueryElevationComponent, you may wish to mark documents that get boosted. The
+ EditorialMarkerFactory will do exactly that:
+ <transformer name="qecBooster" class="org.apache.solr.response.transform.EditorialMarkerFactory" />
+ -->
+
+
+ <!-- Legacy config for the admin interface -->
+ <admin>
+ <defaultQuery>*:*</defaultQuery>
+ </admin>
+
+</config>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/quicklinks/quicklinks.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/quicklinks/quicklinks.json b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/quicklinks/quicklinks.json
new file mode 100644
index 0000000..d75d5f1
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/quicklinks/quicklinks.json
@@ -0,0 +1,41 @@
+{
+ "name": "default",
+ "description": "default quick links configuration",
+ "configuration": {
+ "protocol":
+ {
+ "type":"https",
+ "checks":[
+ {
+ "property":"ranger.service.https.attrib.ssl.enabled",
+ "desired":"true",
+ "site":"ranger-admin-site"
+ },
+ {
+ "property":"ranger.service.http.enabled",
+ "desired":"false",
+ "site":"ranger-admin-site"
+ }
+ ]
+ },
+
+ "links": [
+ {
+ "name": "ranger_admin_ui",
+ "label": "Ranger Admin UI",
+ "component_name" : "RANGER_ADMIN",
+ "requires_user_name": "false",
+ "url": "%@://%@:%@",
+ "attributes": ["authenticated", "sso"],
+ "port":{
+ "http_property": "ranger.service.http.port",
+ "http_default_port": "6080",
+ "https_property": "ranger.service.https.port",
+ "https_default_port": "6182",
+ "regex": "(\\d*)+",
+ "site": "ranger-admin-site"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/role_command_order.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/role_command_order.json b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/role_command_order.json
new file mode 100644
index 0000000..557e9ac
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/role_command_order.json
@@ -0,0 +1,9 @@
+{
+ "general_deps" : {
+ "_comment" : "dependencies for RANGER",
+ "RANGER_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_ADMIN-START"],
+ "RANGER_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_USERSYNC-START"],
+ "RANGER_USERSYNC-START" : ["RANGER_ADMIN-START"],
+ "RANGER_ADMIN-START": ["ZOOKEEPER_SERVER-START", "INFRA_SOLR-START"]
+ }
+}
[05/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/themes/theme_version_1.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/themes/theme_version_1.json b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/themes/theme_version_1.json
new file mode 100644
index 0000000..a307f56
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/themes/theme_version_1.json
@@ -0,0 +1,1821 @@
+{
+ "name": "default",
+ "description": "Default theme for Ranger service",
+ "configuration": {
+ "layouts": [
+ {
+ "name": "default",
+ "tabs": [
+ {
+ "name": "ranger_admin_settings",
+ "display-name": "Ranger Admin",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-ranger-admin",
+ "display-name": "Ranger Admin",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "3",
+ "column-span": "2",
+ "section-columns": "2",
+ "section-rows": "3",
+ "subsections": [
+ {
+ "name": "subsection-ranger-db-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-db-row1-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-db-row2",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "2"
+ },
+ {
+ "name": "subsection-ranger-db-root-user-col1",
+ "row-index": "2",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/create_db_dbuser"
+ ],
+ "if": "${ranger-env/create_db_dbuser}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "subsection-ranger-db-root-user-col2",
+ "row-index": "2",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/create_db_dbuser"
+ ],
+ "if": "${ranger-env/create_db_dbuser}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_user_info",
+ "display-name": "Ranger User Info",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "1",
+ "sections": [
+ {
+ "name": "section-user-info",
+ "display-name": "Ranger User Info",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "2",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "2",
+ "subsections": [
+ {
+ "name": "subsection-ranger-user-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-ranger-user-row2-col1",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "subsection-tabs": [
+ {
+ "name": "ldap-common-configs",
+ "display-name": "Common Configs",
+ "depends-on": [
+ {
+ "configs": [
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "ldap-user-configs",
+ "display-name": "User Configs",
+ "depends-on": [
+ {
+ "configs": [
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "name": "ldap-group-configs",
+ "display-name": "Group Configs",
+ "depends-on": [
+ {
+ "configs": [
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ],
+ "depends-on": [
+ {
+ "configs": [
+ "ranger-ugsync-site/ranger.usersync.enabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_plugin",
+ "display-name": "Ranger Plugin",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "1",
+ "sections": [
+ {
+ "name": "section-ranger-plugin",
+ "display-name": "Ranger Plugin",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "3",
+ "section-columns": "3",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "section-ranger-plugin-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "section-ranger-plugin-row1-col2",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "section-ranger-plugin-row1-col3",
+ "row-index": "0",
+ "column-index": "2",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_audit_settings",
+ "display-name": "Ranger Audit",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-ranger-audit-solr",
+ "display-name": "Audit to Solr",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-solr-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ },
+ {
+ "name": "section-ranger-audit-hdfs",
+ "display-name": "Audit to HDFS",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-hdfs-row1-col2",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ {
+ "name": "ranger_tagsync",
+ "display-name": "Ranger Tagsync",
+ "layout": {
+ "tab-columns": "2",
+ "tab-rows": "2",
+ "sections": [
+ {
+ "name": "section-tagsync-atlas",
+ "display-name": "Atlas Tag Source",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-tagsync-row1-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ },
+ {
+ "name": "section-tagsync-atlasrest",
+ "display-name": "AtlasRest Tag Source",
+ "row-index": "0",
+ "column-index": "1",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-tagsync-row1-col2",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ },
+ {
+ "name": "section-tagsync-file",
+ "display-name": "File Tag Source",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "1",
+ "subsections": [
+ {
+ "name": "subsection-ranger-tagsync-row2-col1",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "placement": {
+ "configuration-layout": "default",
+ "configs": [
+ {
+ "config": "admin-properties/DB_FLAVOR",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "admin-properties/db_name",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "admin-properties/db_user",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.url",
+ "subsection-name": "subsection-ranger-db-row1-col1"
+ },
+ {
+ "config": "admin-properties/db_host",
+ "subsection-name": "subsection-ranger-db-row1-col2"
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.driver",
+ "subsection-name": "subsection-ranger-db-row1-col2"
+ },
+ {
+ "config": "admin-properties/db_password",
+ "subsection-name": "subsection-ranger-db-row1-col2"
+ },
+ {
+ "config": "ranger-env/test_db_connection",
+ "subsection-name": "subsection-ranger-db-row2",
+ "property_value_attributes": {
+ "ui_only_property": true
+ },
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/create_db_dbuser"
+ ],
+ "if": "${ranger-env/create_db_dbuser}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/create_db_dbuser",
+ "subsection-name": "subsection-ranger-db-row2"
+ },
+ {
+ "config": "admin-properties/db_root_user",
+ "subsection-name": "subsection-ranger-db-root-user-col1"
+ },
+ {
+ "config": "ranger-env/ranger_privelege_user_jdbc_url",
+ "subsection-name": "subsection-ranger-db-root-user-col1"
+ },
+ {
+ "config": "admin-properties/db_root_password",
+ "subsection-name": "subsection-ranger-db-root-user-col2"
+ },
+ {
+ "config": "ranger-env/test_root_db_connection",
+ "subsection-name": "subsection-ranger-db-root-user-col1",
+ "property_value_attributes": {
+ "ui_only_property": true
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.enabled",
+ "subsection-name": "subsection-ranger-user-row1-col1"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.source.impl.class",
+ "subsection-name": "subsection-ranger-user-row2-col1"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.minUserId",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.UnixUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.password.file",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.UnixUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.group.file",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.UnixUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.filesource.file",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.filesource.text.delimiter",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.source.impl.class"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.source.impl.class} === org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.url",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs"
+ },
+ {
+ "config": "ranger-env/bind_anonymous",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.binddn",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/bind_anonymous"
+ ],
+ "if": "${ranger-env/bind_anonymous}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.ldapbindpassword",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/bind_anonymous"
+ ],
+ "if": "${ranger-env/bind_anonymous}",
+ "then": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.deltasync",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-common-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.nameattribute",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.objectclass",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchbase",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchfilter",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchscope",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.groupnameattribute",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.usermapsyncenabled",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.user.searchenabled",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-user-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.search.first.enabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.search.first.enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchenabled",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs"
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.memberattributename",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.nameattribute",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.objectclass",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchbase",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchfilter",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.search.first.enabled",
+ "subsection-name": "subsection-ranger-user-row2-col1",
+ "subsection-tab-name": "ldap-group-configs",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-ugsync-site/ranger.usersync.group.searchenabled"
+ ],
+ "if": "${ranger-ugsync-site/ranger.usersync.group.searchenabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-hdfs-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "HDFS",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-yarn-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "YARN",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-hive-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "HIVE",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-hbase-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col2",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "HBASE",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-storm-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col2",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "STORM",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-knox-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col3",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "KNOX",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-kafka-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col3",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "KAFKA",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-atlas-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col3",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "ATLAS",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/ranger-nifi-plugin-enabled",
+ "subsection-name": "section-ranger-plugin-row1-col1",
+ "depends-on": [
+ {
+ "resource": "service",
+ "if": "NIFI",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.solr",
+ "subsection-name": "subsection-ranger-solr-row1-col1"
+ },
+ {
+ "config": "ranger-env/is_solrCloud_enabled",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/is_external_solrCloud_enabled",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr",
+ "ranger-env/is_solrCloud_enabled"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr} && ${ranger-env/is_solrCloud_enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/is_external_solrCloud_kerberos",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr",
+ "ranger-env/is_solrCloud_enabled",
+ "ranger-env/is_external_solrCloud_enabled"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr} && ${ranger-env/is_solrCloud_enabled} && ${ranger-env/is_external_solrCloud_enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.urls",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/is_solrCloud_enabled",
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/is_solrCloud_enabled} === false && ${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/is_solrCloud_enabled",
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/is_solrCloud_enabled} && ${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.username",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.password",
+ "subsection-name": "subsection-ranger-solr-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.solr"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.solr}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs",
+ "subsection-name": "subsection-ranger-hdfs-row1-col2"
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+ "subsection-name": "subsection-ranger-hdfs-row1-col2",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-env/xasecure.audit.destination.hdfs"
+ ],
+ "if": "${ranger-env/xasecure.audit.destination.hdfs}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlas",
+ "subsection-name": "subsection-ranger-tagsync-row1-col1"
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.bootstrap.servers",
+ "subsection-name": "subsection-ranger-tagsync-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlas"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlas}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.zookeeper.connect",
+ "subsection-name": "subsection-ranger-tagsync-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlas"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlas}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.entities.group.id",
+ "subsection-name": "subsection-ranger-tagsync-row1-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlas"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlas}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest",
+ "subsection-name": "subsection-ranger-tagsync-row1-col2"
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.endpoint",
+ "subsection-name": "subsection-ranger-tagsync-row1-col2",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlasrest"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlasrest}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.download.interval.millis",
+ "subsection-name": "subsection-ranger-tagsync-row1-col2",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.atlasrest"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.atlasrest}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file",
+ "subsection-name": "subsection-ranger-tagsync-row2-col1"
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file.check.interval.millis",
+ "subsection-name": "subsection-ranger-tagsync-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.file"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.file}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file.filename",
+ "subsection-name": "subsection-ranger-tagsync-row2-col1",
+ "depends-on": [
+ {
+ "configs":[
+ "ranger-tagsync-site/ranger.tagsync.source.file"
+ ],
+ "if": "${ranger-tagsync-site/ranger.tagsync.source.file}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "widgets": [
+ {
+ "config": "admin-properties/DB_FLAVOR",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "admin-properties/db_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.url",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.jpa.jdbc.driver",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_host",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "ranger-env/test_db_connection",
+ "widget": {
+ "type": "test-db-connection",
+ "display-name": "Test Connection",
+ "required-properties": {
+ "jdbc.driver.class": "ranger-admin-site/ranger.jpa.jdbc.driver",
+ "jdbc.driver.url": "ranger-admin-site/ranger.jpa.jdbc.url",
+ "db.connection.source.host": "ranger-site/ranger_admin_hosts",
+ "db.type": "admin-properties/DB_FLAVOR",
+ "db.connection.destination.host": "admin-properties/db_host",
+ "db.connection.user": "admin-properties/db_user",
+ "db.connection.password": "admin-properties/db_password"
+ }
+ }
+ },
+ {
+ "config": "ranger-env/create_db_dbuser",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger_privelege_user_jdbc_url",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_root_user",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "admin-properties/db_root_password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "ranger-env/test_root_db_connection",
+ "widget": {
+ "type": "test-db-connection",
+ "display-name": "Test Connection",
+ "required-properties": {
+ "jdbc.driver.class": "ranger-admin-site/ranger.jpa.jdbc.driver",
+ "jdbc.driver.url": "ranger-env/ranger_privelege_user_jdbc_url",
+ "db.connection.source.host": "ranger-site/ranger_admin_hosts",
+ "db.type": "admin-properties/DB_FLAVOR",
+ "db.connection.destination.host": "admin-properties/db_host",
+ "db.connection.user": "admin-properties/db_root_user",
+ "db.connection.password": "admin-properties/db_root_password"
+ }
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.source.impl.class",
+ "widget": {
+ "type": "combo"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.url",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-env/bind_anonymous",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.binddn",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.ldapbindpassword",
+ "widget": {
+ "type": "password"
+ }
+ },
+
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.usermapsyncenabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.user.searchenabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.nameattribute",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.objectclass",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchbase",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchfilter",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.searchscope",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.user.groupnameattribute",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchenabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.memberattributename",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.nameattribute",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.objectclass",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchbase",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.searchfilter",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.group.search.first.enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.minUserId",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.password.file",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.unix.group.file",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.filesource.file",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.filesource.text.delimiter",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-ugsync-site/ranger.usersync.ldap.deltasync",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-hdfs-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-hive-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-hbase-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-kafka-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-knox-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-storm-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-yarn-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-atlas-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/ranger-nifi-plugin-enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.solr",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/is_solrCloud_enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/is_external_solrCloud_enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/is_external_solrCloud_kerberos",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.urls",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.zookeepers",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.username",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-admin-site/ranger.audit.solr.password",
+ "widget": {
+ "type": "password"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "ranger-env/xasecure.audit.destination.hdfs.dir",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file.check.interval.millis",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file.filename",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.download.interval.millis",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest.endpoint",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.entities.group.id",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.bootstrap.servers",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "tagsync-application-properties/atlas.kafka.zookeeper.connect",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlas",
+ "widget": {
+ "type": "checkbox"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.atlasrest",
+ "widget": {
+ "type": "checkbox"
+ }
+ },
+ {
+ "config": "ranger-tagsync-site/ranger.tagsync.source.file",
+ "widget": {
+ "type": "checkbox"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/alerts.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/alerts.json
deleted file mode 100644
index 05c3fe6..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/alerts.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "RANGER_KMS": {
- "service": [],
- "RANGER_KMS_SERVER": [
- {
- "name": "ranger_kms_server_process",
- "label": "Ranger KMS Server Process",
- "description": "This host-level alert is triggered if the Ranger KMS Server cannot be determined to be up.",
- "interval": 1,
- "scope": "HOST",
- "source": {
- "type": "PORT",
- "uri": "{{kms-env/kms_port}}",
- "default_port": 9292,
- "reporting": {
- "ok": {
- "text": "TCP OK - {0:.3f}s response on port {1}"
- },
- "warning": {
- "text": "TCP OK - {0:.3f}s response on port {1}",
- "value": 1.5
- },
- "critical": {
- "text": "Connection failed: {0} to {1}:{2}",
- "value": 5.0
- }
- }
- }
- }
- ]
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/dbks-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/dbks-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/dbks-site.xml
deleted file mode 100644
index 4ac20b3..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/dbks-site.xml
+++ /dev/null
@@ -1,206 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
- <value>hdfs</value>
- <description>Blacklist for decrypt EncryptedKey CryptoExtension operations</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.db.encrypt.key.password</name>
- <value>_</value>
- <property-type>PASSWORD</property-type>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <description>Password used for encrypting Master Key</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.jpa.jdbc.url</name>
- <display-name>JDBC connect string</display-name>
- <value>jdbc:mysql://localhost</value>
- <description>URL for Database</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <depends-on>
- <property>
- <type>kms-properties</type>
- <name>DB_FLAVOR</name>
- </property>
- <property>
- <type>kms-properties</type>
- <name>db_host</name>
- </property>
- <property>
- <type>kms-properties</type>
- <name>db_name</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.jpa.jdbc.user</name>
- <value>{{db_user}}</value>
- <description>Database username used for operation</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.jpa.jdbc.password</name>
- <value>_</value>
- <property-type>PASSWORD</property-type>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <description>Database user's password</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.jpa.jdbc.credential.provider.path</name>
- <value>/etc/ranger/kms/rangerkms.jceks</value>
- <description>Credential provider path</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.jpa.jdbc.credential.alias</name>
- <value>ranger.ks.jdbc.password</value>
- <description>Credential alias used for password</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.masterkey.credential.alias</name>
- <value>ranger.ks.masterkey.password</value>
- <description>Credential alias used for masterkey</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.jpa.jdbc.dialect</name>
- <value>{{jdbc_dialect}}</value>
- <description>Dialect used for database</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.jpa.jdbc.driver</name>
- <display-name>Driver class name for a JDBC Ranger KMS database</display-name>
- <value>com.mysql.jdbc.Driver</value>
- <description>Driver used for database</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <depends-on>
- <property>
- <type>kms-properties</type>
- <name>DB_FLAVOR</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.jdbc.sqlconnectorjar</name>
- <value>{{ews_lib_jar_path}}</value>
- <description>Driver used for database</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.hsm.type</name>
- <display-name>HSM Type</display-name>
- <value>LunaProvider</value>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>LunaProvider</value>
- <label>Luna Provider</label>
- </entry>
- </entries>
- </value-attributes>
- <description>HSM type</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.hsm.enabled</name>
- <display-name>HSM Enabled</display-name>
- <value>false</value>
- <description>Enable HSM ?</description>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- <type>value-list</type>
- <overridable>false</overridable>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.hsm.partition.name</name>
- <display-name>HSM partition name. In case of HSM HA enter the group name</display-name>
- <value>par19</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.hsm.partition.password</name>
- <value>_</value>
- <property-type>PASSWORD</property-type>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <description>HSM partition password</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.hsm.partition.password.alias</name>
- <display-name>HSM partition password alias</display-name>
- <value>ranger.kms.hsm.partition.password</value>
- <description>HSM partition password alias</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.kerberos.principal</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger.ks.kerberos.keytab</name>
- <value/>
- <description/>
- <value-attributes>
- <empty-value-valid>true</empty-value-valid>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-env.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-env.xml
deleted file mode 100644
index e049840..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-env.xml
+++ /dev/null
@@ -1,116 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_adding_forbidden="true">
- <property>
- <name>kms_user</name>
- <display-name>Kms User</display-name>
- <value>kms</value>
- <property-type>USER</property-type>
- <description>Kms username</description>
- <value-attributes>
- <type>user</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>kms_group</name>
- <display-name>Kms group</display-name>
- <value>kms</value>
- <property-type>GROUP</property-type>
- <description>Kms group</description>
- <value-attributes>
- <type>user</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>kms_log_dir</name>
- <value>/var/log/ranger/kms</value>
- <description/>
- <value-attributes>
- <type>directory</type>
- <overridable>false</overridable>
- <editable-only-at-install>true</editable-only-at-install>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>kms_port</name>
- <value>9292</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- <depends-on>
- <property>
- <type>ranger-kms-site</type>
- <name>ranger.service.https.port</name>
- </property>
- <property>
- <type>ranger-kms-site</type>
- <name>ranger.service.https.attrib.ssl.enabled</name>
- </property>
- </depends-on>
- </property>
- <property>
- <name>create_db_user</name>
- <display-name>Setup Database and Database User</display-name>
- <value>true</value>
- <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>true</value>
- <label>Yes</label>
- </entry>
- <entry>
- <value>false</value>
- <label>No</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>hsm_partition_password</name>
- <display-name>HSM partition password</display-name>
- <value/>
- <property-type>PASSWORD</property-type>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <description>HSM partition password</description>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_kms_pid_dir</name>
- <value>/var/run/ranger_kms</value>
- <description/>
- <value-attributes>
- <type>directory</type>
- <overridable>false</overridable>
- <editable-only-at-install>true</editable-only-at-install>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-log4j.xml
deleted file mode 100644
index 18dc46b..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-log4j.xml
+++ /dev/null
@@ -1,120 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration supports_adding_forbidden="false">
- <property>
- <name>ranger_kms_log_maxfilesize</name>
- <value>256</value>
- <description>The maximum size of backup file before the log is rotated</description>
- <display-name>Ranger-kms Log: backup file size</display-name>
- <value-attributes>
- <unit>MB</unit>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_kms_log_maxbackupindex</name>
- <value>20</value>
- <description>The number of backup files</description>
- <display-name>Ranger-kms Log: # of backup files</display-name>
- <value-attributes>
- <type>int</type>
- <minimum>0</minimum>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_kms_audit_log_maxfilesize</name>
- <value>256</value>
- <description>The maximum size of backup file before the log is rotated</description>
- <display-name>Ranger-kms Audit Log: backup file size</display-name>
- <value-attributes>
- <unit>MB</unit>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>ranger_kms_audit_log_maxbackupindex</name>
- <value>20</value>
- <description>The number of backup files</description>
- <display-name>Ranger-kms Audit Log: # of backup files</display-name>
- <value-attributes>
- <type>int</type>
- <minimum>0</minimum>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>content</name>
- <display-name>kms-log4j template</display-name>
- <description>kms-log4j.properties</description>
- <value>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License. See accompanying LICENSE file.
-#
-
-# If the Java System property 'kms.log.dir' is not defined at KMS start up time
-# Setup sets its value to '${kms.home}/logs'
-
-log4j.appender.kms=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.kms.DatePattern='.'yyyy-MM-dd
-log4j.appender.kms.File=${kms.log.dir}/kms.log
-log4j.appender.kms.Append=true
-log4j.appender.kms.layout=org.apache.log4j.PatternLayout
-log4j.appender.kms.layout.ConversionPattern=%d{ISO8601} %-5p %c{1} - %m%n
-log4j.appender.kms.MaxFileSize = {{ranger_kms_log_maxfilesize}}MB
-log4j.appender.kms.MaxBackupIndex = {{ranger_kms_log_maxbackupindex}}
-
-log4j.appender.kms-audit=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.kms-audit.DatePattern='.'yyyy-MM-dd
-log4j.appender.kms-audit.File=${kms.log.dir}/kms-audit.log
-log4j.appender.kms-audit.Append=true
-log4j.appender.kms-audit.layout=org.apache.log4j.PatternLayout
-log4j.appender.kms-audit.layout.ConversionPattern=%d{ISO8601} %m%n
-log4j.appender.kms-audit.MaxFileSize = {{ranger_kms_audit_log_maxfilesize}}MB
-log4j.appender.kms-audit.MaxBackupIndex = {{ranger_kms_audit_log_maxbackupindex}}
-
-log4j.logger.kms-audit=INFO, kms-audit
-log4j.additivity.kms-audit=false
-
-log4j.logger=INFO, kms
-log4j.additivity.kms=false
-log4j.rootLogger=INFO, kms
-log4j.logger.org.apache.hadoop.conf=ERROR
-log4j.logger.org.apache.hadoop=INFO
-log4j.logger.com.sun.jersey.server.wadl.generators.WadlGeneratorJAXBGrammarGenerator=OFF
- </value>
- <value-attributes>
- <type>content</type>
- <show-property-name>false</show-property-name>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-properties.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-properties.xml
deleted file mode 100644
index d2d4da5..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.3.0/configuration/kms-properties.xml
+++ /dev/null
@@ -1,166 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
- <property>
- <name>REPOSITORY_CONFIG_USERNAME</name>
- <display-name>Repository config username</display-name>
- <value>keyadmin</value>
- <description/>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>REPOSITORY_CONFIG_PASSWORD</name>
- <display-name>Repository config password</display-name>
- <value>keyadmin</value>
- <property-type>PASSWORD</property-type>
- <description/>
- <value-attributes>
- <type>password</type>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>DB_FLAVOR</name>
- <display-name>DB FLAVOR</display-name>
- <value>MYSQL</value>
- <description>The database type to be used</description>
- <value-attributes>
- <overridable>false</overridable>
- <type>value-list</type>
- <entries>
- <entry>
- <value>MYSQL</value>
- <label>MYSQL</label>
- </entry>
- <entry>
- <value>ORACLE</value>
- <label>ORACLE</label>
- </entry>
- <entry>
- <value>POSTGRES</value>
- <label>POSTGRES</label>
- </entry>
- <entry>
- <value>MSSQL</value>
- <label>MSSQL</label>
- </entry>
- <entry>
- <value>SQLA</value>
- <label>SQL Anywhere</label>
- </entry>
- </entries>
- <selection-cardinality>1</selection-cardinality>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>SQL_CONNECTOR_JAR</name>
- <display-name>SQL connector jar</display-name>
- <value>{{driver_curl_target}}</value>
- <description>Location of DB client library (please check the location of the jar file)</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <depends-on>
- <property>
- <type>kms-properties</type>
- <name>DB_FLAVOR</name>
- </property>
- </depends-on>
- <on-ambari-upgrade add="false" update="false"/>
- </property>
- <property>
- <name>db_root_user</name>
- <display-name>Database Administrator (DBA) username</display-name>
- <value>root</value>
- <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>db_root_password</name>
- <display-name>Database Administrator (DBA) password</display-name>
- <value/>
- <property-type>PASSWORD</property-type>
- <description>Database password for the database admin username</description>
- <value-attributes>
- <type>password</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>db_host</name>
- <display-name>Ranger KMS DB host</display-name>
- <value/>
- <description>Database host</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>db_name</name>
- <display-name>Ranger KMS DB name</display-name>
- <value>rangerkms</value>
- <description>Database name</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>db_user</name>
- <display-name>Ranger KMS DB username</display-name>
- <value>rangerkms</value>
- <description>Database username used for the Ranger KMS schema</description>
- <value-attributes>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>db_password</name>
- <display-name>Ranger KMS DB password</display-name>
- <value/>
- <property-type>PASSWORD</property-type>
- <description>Database password for the Ranger KMS schema</description>
- <value-attributes>
- <type>password</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
- <property>
- <name>KMS_MASTER_KEY_PASSWD</name>
- <display-name>KMS master key password</display-name>
- <value/>
- <property-type>PASSWORD</property-type>
- <description/>
- <value-attributes>
- <type>password</type>
- <overridable>false</overridable>
- </value-attributes>
- <on-ambari-upgrade add="false"/>
- </property>
-</configuration>
[06/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/service_advisor.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/service_advisor.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/service_advisor.py
new file mode 100644
index 0000000..f37261f
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/service_advisor.py
@@ -0,0 +1,774 @@
+#!/usr/bin/env ambari-python-wrap
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+# Python imports
+import imp
+import os
+import traceback
+import re
+import socket
+import fnmatch
+
+
+from resource_management.core.logger import Logger
+
+SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
+STACKS_DIR = os.path.join(SCRIPT_DIR, '../../../stacks/')
+PARENT_FILE = os.path.join(STACKS_DIR, 'service_advisor.py')
+
+try:
+ with open(PARENT_FILE, 'rb') as fp:
+ service_advisor = imp.load_module('service_advisor', fp, PARENT_FILE, ('.py', 'rb', imp.PY_SOURCE))
+except Exception as e:
+ traceback.print_exc()
+ print "Failed to load parent"
+
+DB_TYPE_DEFAULT_PORT_MAP = {"MYSQL":"3306", "ORACLE":"1521", "POSTGRES":"5432", "MSSQL":"1433", "SQLA":"2638"}
+
+class RangerServiceAdvisor(service_advisor.ServiceAdvisor):
+
+ def __init__(self, *args, **kwargs):
+ self.as_super = super(RangerServiceAdvisor, self)
+ self.as_super.__init__(*args, **kwargs)
+
+ # Always call these methods
+ self.modifyMastersWithMultipleInstances()
+ self.modifyCardinalitiesDict()
+ self.modifyHeapSizeProperties()
+ self.modifyNotValuableComponents()
+ self.modifyComponentsNotPreferableOnServer()
+ self.modifyComponentLayoutSchemes()
+
+ def modifyMastersWithMultipleInstances(self):
+ """
+ Modify the set of masters with multiple instances.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyCardinalitiesDict(self):
+ """
+ Modify the dictionary of cardinalities.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyHeapSizeProperties(self):
+ """
+ Modify the dictionary of heap size properties.
+ Must be overriden in child class.
+ """
+ pass
+
+ def modifyNotValuableComponents(self):
+ """
+ Modify the set of components whose host assignment is based on other services.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyComponentsNotPreferableOnServer(self):
+ """
+ Modify the set of components that are not preferable on the server.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def modifyComponentLayoutSchemes(self):
+ """
+ Modify layout scheme dictionaries for components.
+ The scheme dictionary basically maps the number of hosts to
+ host index where component should exist.
+ Must be overriden in child class.
+ """
+ # Nothing to do
+ pass
+
+ def getServiceComponentLayoutValidations(self, services, hosts):
+ """
+ Get a list of errors.
+ Must be overriden in child class.
+ """
+
+ return []
+
+ def getServiceConfigurationRecommendations(self, configurations, clusterData, services, hosts):
+ """
+ Entry point.
+ Must be overriden in child class.
+ """
+ # Logger.info("Class: %s, Method: %s. Recommending Service Configurations." %
+ # (self.__class__.__name__, inspect.stack()[0][3]))
+
+ recommender = RangerRecommender()
+ recommender.recommendRangerConfigurationsFromHDP206(configurations, clusterData, services, hosts)
+ recommender.recommendRangerConfigurationsFromHDP22(configurations, clusterData, services, hosts)
+ recommender.recommendRangerConfigurationsFromHDP23(configurations, clusterData, services, hosts)
+ recommender.recommendRangerConfigurationsFromHDP25(configurations, clusterData, services, hosts)
+ recommender.recommendRangerConfigurationsFromHDP26(configurations, clusterData, services, hosts)
+
+ def getServiceConfigurationsValidationItems(self, configurations, recommendedDefaults, services, hosts):
+ """
+ Entry point.
+ Validate configurations for the service. Return a list of errors.
+ The code for this function should be the same for each Service Advisor.
+ """
+ # Logger.info("Class: %s, Method: %s. Validating Configurations." %
+ # (self.__class__.__name__, inspect.stack()[0][3]))
+
+ validator = RangerValidator()
+ # Calls the methods of the validator using arguments,
+ # method(siteProperties, siteRecommendations, configurations, services, hosts)
+ return validator.validateListOfConfigUsingMethod(configurations, recommendedDefaults, services, hosts, validator.validators)
+
+class RangerRecommender(service_advisor.ServiceAdvisor):
+ """
+ Ranger Recommender suggests properties when adding the service for the first time or modifying configs via the UI.
+ """
+
+ def __init__(self, *args, **kwargs):
+ self.as_super = super(RangerRecommender, self)
+ self.as_super.__init__(*args, **kwargs)
+
+ def recommendRangerConfigurationsFromHDP206(self, configurations, clusterData, services, hosts):
+
+ putRangerAdminProperty = self.putProperty(configurations, "admin-properties", services)
+
+ # Build policymgr_external_url
+ protocol = 'http'
+ ranger_admin_host = 'localhost'
+ port = '6080'
+
+ # Check if http is disabled. For HDP-2.3 this can be checked in ranger-admin-site/ranger.service.http.enabled
+ # For Ranger-0.4.0 this can be checked in ranger-site/http.enabled
+ if ('ranger-site' in services['configurations'] and 'http.enabled' in services['configurations']['ranger-site']['properties'] \
+ and services['configurations']['ranger-site']['properties']['http.enabled'].lower() == 'false') or \
+ ('ranger-admin-site' in services['configurations'] and 'ranger.service.http.enabled' in services['configurations']['ranger-admin-site']['properties'] \
+ and services['configurations']['ranger-admin-site']['properties']['ranger.service.http.enabled'].lower() == 'false'):
+ # HTTPS protocol is used
+ protocol = 'https'
+ # Starting Ranger-0.5.0.2.3 port stored in ranger-admin-site ranger.service.https.port
+ if 'ranger-admin-site' in services['configurations'] and \
+ 'ranger.service.https.port' in services['configurations']['ranger-admin-site']['properties']:
+ port = services['configurations']['ranger-admin-site']['properties']['ranger.service.https.port']
+ # In Ranger-0.4.0 port stored in ranger-site https.service.port
+ elif 'ranger-site' in services['configurations'] and \
+ 'https.service.port' in services['configurations']['ranger-site']['properties']:
+ port = services['configurations']['ranger-site']['properties']['https.service.port']
+ else:
+ # HTTP protocol is used
+ # Starting Ranger-0.5.0.2.3 port stored in ranger-admin-site ranger.service.http.port
+ if 'ranger-admin-site' in services['configurations'] and \
+ 'ranger.service.http.port' in services['configurations']['ranger-admin-site']['properties']:
+ port = services['configurations']['ranger-admin-site']['properties']['ranger.service.http.port']
+ # In Ranger-0.4.0 port stored in ranger-site http.service.port
+ elif 'ranger-site' in services['configurations'] and \
+ 'http.service.port' in services['configurations']['ranger-site']['properties']:
+ port = services['configurations']['ranger-site']['properties']['http.service.port']
+
+ ranger_admin_hosts = self.getComponentHostNames(services, "RANGER", "RANGER_ADMIN")
+ if ranger_admin_hosts:
+ if len(ranger_admin_hosts) > 1 \
+ and services['configurations'] \
+ and 'admin-properties' in services['configurations'] and 'policymgr_external_url' in services['configurations']['admin-properties']['properties'] \
+ and services['configurations']['admin-properties']['properties']['policymgr_external_url'] \
+ and services['configurations']['admin-properties']['properties']['policymgr_external_url'].strip():
+
+ # in case of HA deployment keep the policymgr_external_url specified in the config
+ policymgr_external_url = services['configurations']['admin-properties']['properties']['policymgr_external_url']
+ else:
+
+ ranger_admin_host = ranger_admin_hosts[0]
+ policymgr_external_url = "%s://%s:%s" % (protocol, ranger_admin_host, port)
+
+ putRangerAdminProperty('policymgr_external_url', policymgr_external_url)
+
+ rangerServiceVersion = [service['StackServices']['service_version'] for service in services["services"] if service['StackServices']['service_name'] == 'RANGER'][0]
+ if rangerServiceVersion == '0.4.0':
+ # Recommend ldap settings based on ambari.properties configuration
+ # If 'ambari.ldap.isConfigured' == true
+ # For Ranger version 0.4.0
+ if 'ambari-server-properties' in services and \
+ 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \
+ services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true":
+ putUserSyncProperty = self.putProperty(configurations, "usersync-properties", services)
+ serverProperties = services['ambari-server-properties']
+ if 'authentication.ldap.managerDn' in serverProperties:
+ putUserSyncProperty('SYNC_LDAP_BIND_DN', serverProperties['authentication.ldap.managerDn'])
+ if 'authentication.ldap.primaryUrl' in serverProperties:
+ ldap_protocol = 'ldap://'
+ if 'authentication.ldap.useSSL' in serverProperties and serverProperties['authentication.ldap.useSSL'] == 'true':
+ ldap_protocol = 'ldaps://'
+ ldapUrl = ldap_protocol + serverProperties['authentication.ldap.primaryUrl'] if serverProperties['authentication.ldap.primaryUrl'] else serverProperties['authentication.ldap.primaryUrl']
+ putUserSyncProperty('SYNC_LDAP_URL', ldapUrl)
+ if 'authentication.ldap.userObjectClass' in serverProperties:
+ putUserSyncProperty('SYNC_LDAP_USER_OBJECT_CLASS', serverProperties['authentication.ldap.userObjectClass'])
+ if 'authentication.ldap.usernameAttribute' in serverProperties:
+ putUserSyncProperty('SYNC_LDAP_USER_NAME_ATTRIBUTE', serverProperties['authentication.ldap.usernameAttribute'])
+
+
+ # Set Ranger Admin Authentication method
+ if 'admin-properties' in services['configurations'] and 'usersync-properties' in services['configurations'] and \
+ 'SYNC_SOURCE' in services['configurations']['usersync-properties']['properties']:
+ rangerUserSyncSource = services['configurations']['usersync-properties']['properties']['SYNC_SOURCE']
+ authenticationMethod = rangerUserSyncSource.upper()
+ if authenticationMethod != 'FILE':
+ putRangerAdminProperty('authentication_method', authenticationMethod)
+
+ # Recommend xasecure.audit.destination.hdfs.dir
+ # For Ranger version 0.4.0
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
+ include_hdfs = "HDFS" in servicesList
+ if include_hdfs:
+ if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
+ default_fs = services['configurations']['core-site']['properties']['fs.defaultFS']
+ default_fs += '/ranger/audit/%app-type%/%time:yyyyMMdd%'
+ putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', default_fs)
+
+ # Recommend Ranger Audit properties for ranger supported services
+ # For Ranger version 0.4.0
+ ranger_services = [
+ {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-plugin-properties'},
+ {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-plugin-properties'},
+ {'service_name': 'HIVE', 'audit_file': 'ranger-hive-plugin-properties'},
+ {'service_name': 'KNOX', 'audit_file': 'ranger-knox-plugin-properties'},
+ {'service_name': 'STORM', 'audit_file': 'ranger-storm-plugin-properties'}
+ ]
+
+ for item in range(len(ranger_services)):
+ if ranger_services[item]['service_name'] in servicesList:
+ component_audit_file = ranger_services[item]['audit_file']
+ if component_audit_file in services["configurations"]:
+ ranger_audit_dict = [
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.db', 'target_configname': 'XAAUDIT.DB.IS_ENABLED'},
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs', 'target_configname': 'XAAUDIT.HDFS.IS_ENABLED'},
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs.dir', 'target_configname': 'XAAUDIT.HDFS.DESTINATION_DIRECTORY'}
+ ]
+ putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services)
+
+ for item in ranger_audit_dict:
+ if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]:
+ if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]:
+ rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']]
+ else:
+ rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']]
+ putRangerAuditProperty(item['target_configname'], rangerAuditProperty)
+
+ def recommendRangerConfigurationsFromHDP22(self, configurations, clusterData, services, hosts):
+ putRangerEnvProperty = self.putProperty(configurations, "ranger-env")
+ cluster_env = self.getServicesSiteProperties(services, "cluster-env")
+ security_enabled = cluster_env is not None and "security_enabled" in cluster_env and \
+ cluster_env["security_enabled"].lower() == "true"
+ if "ranger-env" in configurations and not security_enabled:
+ putRangerEnvProperty("ranger-storm-plugin-enabled", "No")
+
+ def getDBConnectionHostPort(self, db_type, db_host):
+ connection_string = ""
+ if db_type is None or db_type == "":
+ return connection_string
+ else:
+ colon_count = db_host.count(':')
+ if colon_count == 0:
+ if DB_TYPE_DEFAULT_PORT_MAP.has_key(db_type):
+ connection_string = db_host + ":" + DB_TYPE_DEFAULT_PORT_MAP[db_type]
+ else:
+ connection_string = db_host
+ elif colon_count == 1:
+ connection_string = db_host
+ elif colon_count == 2:
+ connection_string = db_host
+
+ return connection_string
+
+ def getOracleDBConnectionHostPort(self, db_type, db_host, rangerDbName):
+ connection_string = self.getDBConnectionHostPort(db_type, db_host)
+ colon_count = db_host.count(':')
+ if colon_count == 1 and '/' in db_host:
+ connection_string = "//" + connection_string
+ elif colon_count == 0 or colon_count == 1:
+ connection_string = "//" + connection_string + "/" + rangerDbName if rangerDbName else "//" + connection_string
+
+ return connection_string
+
+ def recommendRangerUrlConfigurations(self, configurations, services, requiredServices):
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+
+ policymgr_external_url = ""
+ if 'admin-properties' in services['configurations'] and 'policymgr_external_url' in services['configurations']['admin-properties']['properties']:
+ if 'admin-properties' in configurations and 'policymgr_external_url' in configurations['admin-properties']['properties']:
+ policymgr_external_url = configurations['admin-properties']['properties']['policymgr_external_url']
+ else:
+ policymgr_external_url = services['configurations']['admin-properties']['properties']['policymgr_external_url']
+
+ for index in range(len(requiredServices)):
+ if requiredServices[index]['service_name'] in servicesList:
+ component_config_type = requiredServices[index]['config_type']
+ component_name = requiredServices[index]['service_name']
+ component_config_property = 'ranger.plugin.{0}.policy.rest.url'.format(component_name.lower())
+ if requiredServices[index]['service_name'] == 'RANGER_KMS':
+ component_config_property = 'ranger.plugin.kms.policy.rest.url'
+ putRangerSecurityProperty = self.putProperty(configurations, component_config_type, services)
+ if component_config_type in services["configurations"] and component_config_property in services["configurations"][component_config_type]["properties"]:
+ putRangerSecurityProperty(component_config_property, policymgr_external_url)
+
+ def recommendRangerConfigurationsFromHDP23(self, configurations, clusterData, services, hosts):
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services)
+ putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
+ putRangerUgsyncSite = self.putProperty(configurations, "ranger-ugsync-site", services)
+
+ if 'admin-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['admin-properties']['properties'])\
+ and ('db_host' in services['configurations']['admin-properties']['properties']) and ('db_name' in services['configurations']['admin-properties']['properties']):
+
+ rangerDbFlavor = services['configurations']["admin-properties"]["properties"]["DB_FLAVOR"]
+ rangerDbHost = services['configurations']["admin-properties"]["properties"]["db_host"]
+ rangerDbName = services['configurations']["admin-properties"]["properties"]["db_name"]
+ ranger_db_url_dict = {
+ 'MYSQL': {'ranger.jpa.jdbc.driver': 'com.mysql.jdbc.Driver',
+ 'ranger.jpa.jdbc.url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + '/' + rangerDbName},
+ 'ORACLE': {'ranger.jpa.jdbc.driver': 'oracle.jdbc.driver.OracleDriver',
+ 'ranger.jpa.jdbc.url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerDbFlavor, rangerDbHost, rangerDbName)},
+ 'POSTGRES': {'ranger.jpa.jdbc.driver': 'org.postgresql.Driver',
+ 'ranger.jpa.jdbc.url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + '/' + rangerDbName},
+ 'MSSQL': {'ranger.jpa.jdbc.driver': 'com.microsoft.sqlserver.jdbc.SQLServerDriver',
+ 'ranger.jpa.jdbc.url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';databaseName=' + rangerDbName},
+ 'SQLA': {'ranger.jpa.jdbc.driver': 'sap.jdbc4.sqlanywhere.IDriver',
+ 'ranger.jpa.jdbc.url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';database=' + rangerDbName}
+ }
+ rangerDbProperties = ranger_db_url_dict.get(rangerDbFlavor, ranger_db_url_dict['MYSQL'])
+ for key in rangerDbProperties:
+ putRangerAdminProperty(key, rangerDbProperties.get(key))
+
+ if 'admin-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['admin-properties']['properties']) \
+ and ('db_host' in services['configurations']['admin-properties']['properties']):
+
+ rangerDbFlavor = services['configurations']["admin-properties"]["properties"]["DB_FLAVOR"]
+ rangerDbHost = services['configurations']["admin-properties"]["properties"]["db_host"]
+ ranger_db_privelege_url_dict = {
+ 'MYSQL': {'ranger_privelege_user_jdbc_url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost)},
+ 'ORACLE': {'ranger_privelege_user_jdbc_url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerDbFlavor, rangerDbHost, None)},
+ 'POSTGRES': {'ranger_privelege_user_jdbc_url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + '/postgres'},
+ 'MSSQL': {'ranger_privelege_user_jdbc_url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';'},
+ 'SQLA': {'ranger_privelege_user_jdbc_url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';'}
+ }
+ rangerPrivelegeDbProperties = ranger_db_privelege_url_dict.get(rangerDbFlavor, ranger_db_privelege_url_dict['MYSQL'])
+ for key in rangerPrivelegeDbProperties:
+ putRangerEnvProperty(key, rangerPrivelegeDbProperties.get(key))
+
+ # Recommend ldap settings based on ambari.properties configuration
+ if 'ambari-server-properties' in services and \
+ 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \
+ services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true":
+ serverProperties = services['ambari-server-properties']
+ if 'authentication.ldap.baseDn' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.ldap.searchBase', serverProperties['authentication.ldap.baseDn'])
+ if 'authentication.ldap.groupMembershipAttr' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.group.memberattributename', serverProperties['authentication.ldap.groupMembershipAttr'])
+ if 'authentication.ldap.groupNamingAttr' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.group.nameattribute', serverProperties['authentication.ldap.groupNamingAttr'])
+ if 'authentication.ldap.groupObjectClass' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.group.objectclass', serverProperties['authentication.ldap.groupObjectClass'])
+ if 'authentication.ldap.managerDn' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.ldap.binddn', serverProperties['authentication.ldap.managerDn'])
+ if 'authentication.ldap.primaryUrl' in serverProperties:
+ ldap_protocol = 'ldap://'
+ if 'authentication.ldap.useSSL' in serverProperties and serverProperties['authentication.ldap.useSSL'] == 'true':
+ ldap_protocol = 'ldaps://'
+ ldapUrl = ldap_protocol + serverProperties['authentication.ldap.primaryUrl'] if serverProperties['authentication.ldap.primaryUrl'] else serverProperties['authentication.ldap.primaryUrl']
+ putRangerUgsyncSite('ranger.usersync.ldap.url', ldapUrl)
+ if 'authentication.ldap.userObjectClass' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.ldap.user.objectclass', serverProperties['authentication.ldap.userObjectClass'])
+ if 'authentication.ldap.usernameAttribute' in serverProperties:
+ putRangerUgsyncSite('ranger.usersync.ldap.user.nameattribute', serverProperties['authentication.ldap.usernameAttribute'])
+
+ # Recommend Ranger Authentication method
+ authMap = {
+ 'org.apache.ranger.unixusersync.process.UnixUserGroupBuilder': 'UNIX',
+ 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder': 'LDAP'
+ }
+
+ if 'ranger-ugsync-site' in services['configurations'] and 'ranger.usersync.source.impl.class' in services['configurations']["ranger-ugsync-site"]["properties"]:
+ rangerUserSyncClass = services['configurations']["ranger-ugsync-site"]["properties"]["ranger.usersync.source.impl.class"]
+ if rangerUserSyncClass in authMap:
+ rangerSqlConnectorProperty = authMap.get(rangerUserSyncClass)
+ putRangerAdminProperty('ranger.authentication.method', rangerSqlConnectorProperty)
+
+
+ if 'ranger-env' in services['configurations'] and 'is_solrCloud_enabled' in services['configurations']["ranger-env"]["properties"]:
+ isSolrCloudEnabled = services['configurations']["ranger-env"]["properties"]["is_solrCloud_enabled"] == "true"
+ else:
+ isSolrCloudEnabled = False
+
+ if isSolrCloudEnabled:
+ zookeeper_host_port = self.getZKHostPortString(services)
+ ranger_audit_zk_port = ''
+ if zookeeper_host_port:
+ ranger_audit_zk_port = '{0}/{1}'.format(zookeeper_host_port, 'ranger_audits')
+ putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port)
+ else:
+ putRangerAdminProperty('ranger.audit.solr.zookeepers', 'NONE')
+
+ # Recommend ranger.audit.solr.zookeepers and xasecure.audit.destination.hdfs.dir
+ include_hdfs = "HDFS" in servicesList
+ if include_hdfs:
+ if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
+ default_fs = services['configurations']['core-site']['properties']['fs.defaultFS']
+ putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', '{0}/{1}/{2}'.format(default_fs,'ranger','audit'))
+
+ # Recommend Ranger supported service's audit properties
+ ranger_services = [
+ {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'},
+ {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'},
+ {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-audit'},
+ {'service_name': 'HIVE', 'audit_file': 'ranger-hive-audit'},
+ {'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'},
+ {'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'},
+ {'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'}
+ ]
+
+ for item in range(len(ranger_services)):
+ if ranger_services[item]['service_name'] in servicesList:
+ component_audit_file = ranger_services[item]['audit_file']
+ if component_audit_file in services["configurations"]:
+ ranger_audit_dict = [
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.db', 'target_configname': 'xasecure.audit.destination.db'},
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs', 'target_configname': 'xasecure.audit.destination.hdfs'},
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs.dir', 'target_configname': 'xasecure.audit.destination.hdfs.dir'},
+ {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.solr', 'target_configname': 'xasecure.audit.destination.solr'},
+ {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.urls', 'target_configname': 'xasecure.audit.destination.solr.urls'},
+ {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.zookeepers', 'target_configname': 'xasecure.audit.destination.solr.zookeepers'}
+ ]
+ putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services)
+
+ for item in ranger_audit_dict:
+ if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]:
+ if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]:
+ rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']]
+ else:
+ rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']]
+ putRangerAuditProperty(item['target_configname'], rangerAuditProperty)
+
+ audit_solr_flag = 'false'
+ audit_db_flag = 'false'
+ ranger_audit_source_type = 'solr'
+ if 'ranger-env' in services['configurations'] and 'xasecure.audit.destination.solr' in services['configurations']["ranger-env"]["properties"]:
+ audit_solr_flag = services['configurations']["ranger-env"]["properties"]['xasecure.audit.destination.solr']
+ if 'ranger-env' in services['configurations'] and 'xasecure.audit.destination.db' in services['configurations']["ranger-env"]["properties"]:
+ audit_db_flag = services['configurations']["ranger-env"]["properties"]['xasecure.audit.destination.db']
+
+ if audit_db_flag == 'true' and audit_solr_flag == 'false':
+ ranger_audit_source_type = 'db'
+ putRangerAdminProperty('ranger.audit.source.type',ranger_audit_source_type)
+
+ knox_host = 'localhost'
+ knox_port = '8443'
+ if 'KNOX' in servicesList:
+ knox_hosts = self.getComponentHostNames(services, "KNOX", "KNOX_GATEWAY")
+ if len(knox_hosts) > 0:
+ knox_hosts.sort()
+ knox_host = knox_hosts[0]
+ if 'gateway-site' in services['configurations'] and 'gateway.port' in services['configurations']["gateway-site"]["properties"]:
+ knox_port = services['configurations']["gateway-site"]["properties"]['gateway.port']
+ putRangerAdminProperty('ranger.sso.providerurl', 'https://{0}:{1}/gateway/knoxsso/api/v1/websso'.format(knox_host, knox_port))
+
+ required_services = [
+ {'service_name': 'HDFS', 'config_type': 'ranger-hdfs-security'},
+ {'service_name': 'YARN', 'config_type': 'ranger-yarn-security'},
+ {'service_name': 'HBASE', 'config_type': 'ranger-hbase-security'},
+ {'service_name': 'HIVE', 'config_type': 'ranger-hive-security'},
+ {'service_name': 'KNOX', 'config_type': 'ranger-knox-security'},
+ {'service_name': 'KAFKA', 'config_type': 'ranger-kafka-security'},
+ {'service_name': 'RANGER_KMS','config_type': 'ranger-kms-security'},
+ {'service_name': 'STORM', 'config_type': 'ranger-storm-security'}
+ ]
+
+ # recommendation for ranger url for ranger-supported plugins
+ self.recommendRangerUrlConfigurations(configurations, services, required_services)
+
+ def recommendRangerConfigurationsFromHDP25(self, configurations, clusterData, services, hosts):
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ has_ranger_tagsync = False
+
+ putTagsyncAppProperty = self.putProperty(configurations, "tagsync-application-properties", services)
+ putTagsyncSiteProperty = self.putProperty(configurations, "ranger-tagsync-site", services)
+ putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services)
+ putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services)
+
+ application_properties = self.getServicesSiteProperties(services, "application-properties")
+
+ ranger_tagsync_host = self.getHostsForComponent(services, "RANGER", "RANGER_TAGSYNC")
+ has_ranger_tagsync = len(ranger_tagsync_host) > 0
+
+ if 'ATLAS' in servicesList and has_ranger_tagsync:
+ atlas_hosts = self.getHostNamesWithComponent("ATLAS", "ATLAS_SERVER", services)
+ atlas_host = 'localhost' if len(atlas_hosts) == 0 else atlas_hosts[0]
+ protocol = 'http'
+ atlas_port = '21000'
+
+ if application_properties and 'atlas.enableTLS' in application_properties and application_properties['atlas.enableTLS'].lower() == 'true':
+ protocol = 'https'
+ if 'atlas.server.https.port' in application_properties:
+ atlas_port = application_properties['atlas.server.https.port']
+ else:
+ protocol = 'http'
+ if application_properties and 'atlas.server.http.port' in application_properties:
+ atlas_port = application_properties['atlas.server.http.port']
+
+ atlas_rest_endpoint = '{0}://{1}:{2}'.format(protocol, atlas_host, atlas_port)
+
+ putTagsyncSiteProperty('ranger.tagsync.source.atlas', 'true')
+ putTagsyncSiteProperty('ranger.tagsync.source.atlasrest.endpoint', atlas_rest_endpoint)
+
+ zookeeper_host_port = self.getZKHostPortString(services)
+ if zookeeper_host_port and has_ranger_tagsync:
+ putTagsyncAppProperty('atlas.kafka.zookeeper.connect', zookeeper_host_port)
+
+ if 'KAFKA' in servicesList and has_ranger_tagsync:
+ kafka_hosts = self.getHostNamesWithComponent("KAFKA", "KAFKA_BROKER", services)
+ kafka_port = '6667'
+ if 'kafka-broker' in services['configurations'] and (
+ 'port' in services['configurations']['kafka-broker']['properties']):
+ kafka_port = services['configurations']['kafka-broker']['properties']['port']
+ kafka_host_port = []
+ for i in range(len(kafka_hosts)):
+ kafka_host_port.append(kafka_hosts[i] + ':' + kafka_port)
+
+ final_kafka_host = ",".join(kafka_host_port)
+ putTagsyncAppProperty('atlas.kafka.bootstrap.servers', final_kafka_host)
+
+ is_solr_cloud_enabled = False
+ if 'ranger-env' in services['configurations'] and 'is_solrCloud_enabled' in services['configurations']['ranger-env']['properties']:
+ is_solr_cloud_enabled = services['configurations']['ranger-env']['properties']['is_solrCloud_enabled'] == 'true'
+
+ is_external_solr_cloud_enabled = False
+ if 'ranger-env' in services['configurations'] and 'is_external_solrCloud_enabled' in services['configurations']['ranger-env']['properties']:
+ is_external_solr_cloud_enabled = services['configurations']['ranger-env']['properties']['is_external_solrCloud_enabled'] == 'true'
+
+ ranger_audit_zk_port = ''
+
+ if 'AMBARI_INFRA' in servicesList and zookeeper_host_port and is_solr_cloud_enabled and not is_external_solr_cloud_enabled:
+ zookeeper_host_port = zookeeper_host_port.split(',')
+ zookeeper_host_port.sort()
+ zookeeper_host_port = ",".join(zookeeper_host_port)
+ infra_solr_znode = '/infra-solr'
+
+ if 'infra-solr-env' in services['configurations'] and \
+ ('infra_solr_znode' in services['configurations']['infra-solr-env']['properties']):
+ infra_solr_znode = services['configurations']['infra-solr-env']['properties']['infra_solr_znode']
+ ranger_audit_zk_port = '{0}{1}'.format(zookeeper_host_port, infra_solr_znode)
+ putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port)
+ elif zookeeper_host_port and is_solr_cloud_enabled and is_external_solr_cloud_enabled:
+ ranger_audit_zk_port = '{0}/{1}'.format(zookeeper_host_port, 'ranger_audits')
+ putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port)
+ else:
+ putRangerAdminProperty('ranger.audit.solr.zookeepers', 'NONE')
+
+ ranger_services = [
+ {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'},
+ {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'},
+ {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-audit'},
+ {'service_name': 'HIVE', 'audit_file': 'ranger-hive-audit'},
+ {'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'},
+ {'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'},
+ {'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'},
+ {'service_name': 'RANGER_KMS', 'audit_file': 'ranger-kms-audit'},
+ {'service_name': 'ATLAS', 'audit_file': 'ranger-atlas-audit'}
+ ]
+
+ for item in range(len(ranger_services)):
+ if ranger_services[item]['service_name'] in servicesList:
+ component_audit_file = ranger_services[item]['audit_file']
+ if component_audit_file in services["configurations"]:
+ ranger_audit_dict = [
+ {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.urls', 'target_configname': 'xasecure.audit.destination.solr.urls'},
+ {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.zookeepers', 'target_configname': 'xasecure.audit.destination.solr.zookeepers'}
+ ]
+ putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services)
+
+ for item in ranger_audit_dict:
+ if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]:
+ if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]:
+ rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']]
+ else:
+ rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']]
+ putRangerAuditProperty(item['target_configname'], rangerAuditProperty)
+
+ if "HDFS" in servicesList:
+ hdfs_user = None
+ if "hadoop-env" in services["configurations"] and "hdfs_user" in services["configurations"]["hadoop-env"]["properties"]:
+ hdfs_user = services["configurations"]["hadoop-env"]["properties"]["hdfs_user"]
+ putRangerAdminProperty('ranger.kms.service.user.hdfs', hdfs_user)
+
+ if "HIVE" in servicesList:
+ hive_user = None
+ if "hive-env" in services["configurations"] and "hive_user" in services["configurations"]["hive-env"]["properties"]:
+ hive_user = services["configurations"]["hive-env"]["properties"]["hive_user"]
+ putRangerAdminProperty('ranger.kms.service.user.hive', hive_user)
+
+ ranger_plugins_serviceuser = [
+ {'service_name': 'HDFS', 'file_name': 'hadoop-env', 'config_name': 'hdfs_user', 'target_configname': 'ranger.plugins.hdfs.serviceuser'},
+ {'service_name': 'HIVE', 'file_name': 'hive-env', 'config_name': 'hive_user', 'target_configname': 'ranger.plugins.hive.serviceuser'},
+ {'service_name': 'YARN', 'file_name': 'yarn-env', 'config_name': 'yarn_user', 'target_configname': 'ranger.plugins.yarn.serviceuser'},
+ {'service_name': 'HBASE', 'file_name': 'hbase-env', 'config_name': 'hbase_user', 'target_configname': 'ranger.plugins.hbase.serviceuser'},
+ {'service_name': 'KNOX', 'file_name': 'knox-env', 'config_name': 'knox_user', 'target_configname': 'ranger.plugins.knox.serviceuser'},
+ {'service_name': 'STORM', 'file_name': 'storm-env', 'config_name': 'storm_user', 'target_configname': 'ranger.plugins.storm.serviceuser'},
+ {'service_name': 'KAFKA', 'file_name': 'kafka-env', 'config_name': 'kafka_user', 'target_configname': 'ranger.plugins.kafka.serviceuser'},
+ {'service_name': 'RANGER_KMS', 'file_name': 'kms-env', 'config_name': 'kms_user', 'target_configname': 'ranger.plugins.kms.serviceuser'},
+ {'service_name': 'ATLAS', 'file_name': 'atlas-env', 'config_name': 'metadata_user', 'target_configname': 'ranger.plugins.atlas.serviceuser'}
+ ]
+
+ for item in range(len(ranger_plugins_serviceuser)):
+ if ranger_plugins_serviceuser[item]['service_name'] in servicesList:
+ file_name = ranger_plugins_serviceuser[item]['file_name']
+ config_name = ranger_plugins_serviceuser[item]['config_name']
+ target_configname = ranger_plugins_serviceuser[item]['target_configname']
+ if file_name in services["configurations"] and config_name in services["configurations"][file_name]["properties"]:
+ service_user = services["configurations"][file_name]["properties"][config_name]
+ putRangerAdminProperty(target_configname, service_user)
+
+ if "ATLAS" in servicesList:
+ if "ranger-env" in services["configurations"]:
+ putAtlasRangerAuditProperty = self.putProperty(configurations, 'ranger-atlas-audit', services)
+ xasecure_audit_destination_hdfs = ''
+ xasecure_audit_destination_hdfs_dir = ''
+ xasecure_audit_destination_solr = ''
+ if 'xasecure.audit.destination.hdfs' in configurations['ranger-env']['properties']:
+ xasecure_audit_destination_hdfs = configurations['ranger-env']['properties']['xasecure.audit.destination.hdfs']
+ else:
+ xasecure_audit_destination_hdfs = services['configurations']['ranger-env']['properties']['xasecure.audit.destination.hdfs']
+
+ if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']):
+ xasecure_audit_destination_hdfs_dir = '{0}/{1}/{2}'.format(services['configurations']['core-site']['properties']['fs.defaultFS'] ,'ranger','audit')
+
+ if 'xasecure.audit.destination.solr' in configurations['ranger-env']['properties']:
+ xasecure_audit_destination_solr = configurations['ranger-env']['properties']['xasecure.audit.destination.solr']
+ else:
+ xasecure_audit_destination_solr = services['configurations']['ranger-env']['properties']['xasecure.audit.destination.solr']
+
+ putAtlasRangerAuditProperty('xasecure.audit.destination.hdfs',xasecure_audit_destination_hdfs)
+ putAtlasRangerAuditProperty('xasecure.audit.destination.hdfs.dir',xasecure_audit_destination_hdfs_dir)
+ putAtlasRangerAuditProperty('xasecure.audit.destination.solr',xasecure_audit_destination_solr)
+ required_services = [
+ {'service_name': 'ATLAS', 'config_type': 'ranger-atlas-security'}
+ ]
+
+ # recommendation for ranger url for ranger-supported plugins
+ self.recommendRangerUrlConfigurations(configurations, services, required_services)
+
+ def recommendRangerConfigurationsFromHDP26(self, configurations, clusterData, services, hosts):
+
+ putRangerUgsyncSite = self.putProperty(configurations, 'ranger-ugsync-site', services)
+
+ delta_sync_enabled = False
+ if 'ranger-ugsync-site' in services['configurations'] and 'ranger.usersync.ldap.deltasync' in services['configurations']['ranger-ugsync-site']['properties']:
+ delta_sync_enabled = services['configurations']['ranger-ugsync-site']['properties']['ranger.usersync.ldap.deltasync'] == "true"
+
+ if delta_sync_enabled:
+ putRangerUgsyncSite("ranger.usersync.group.searchenabled", "true")
+ else:
+ putRangerUgsyncSite("ranger.usersync.group.searchenabled", "false")
+
+class RangerValidator(service_advisor.ServiceAdvisor):
+ """
+ Ranger Validator checks the correctness of properties whenever the service is first added or the user attempts to
+ change configs via the UI.
+ """
+
+ def __init__(self, *args, **kwargs):
+ self.as_super = super(RangerValidator, self)
+ self.as_super.__init__(*args, **kwargs)
+
+ self.validators = [("ranger-env", self.validateRangerConfigurationsEnvFromHDP22),
+ ("admin-properties", self.validateRangerAdminConfigurationsFromHDP23),
+ ("ranger-env", self.validateRangerConfigurationsEnvFromHDP23),
+ ("ranger-tagsync-site", self.validateRangerTagsyncConfigurationsFromHDP25),
+ ("ranger-ugsync-site", self.validateRangerUsersyncConfigurationsFromHDP26)]
+
+ def validateRangerConfigurationsEnvFromHDP22(self, properties, recommendedDefaults, configurations, services, hosts):
+ ranger_env_properties = properties
+ validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ if "ranger-storm-plugin-enabled" in ranger_env_properties and ranger_env_properties['ranger-storm-plugin-enabled'].lower() == 'yes' and not 'KERBEROS' in servicesList:
+ validationItems.append({"config-name": "ranger-storm-plugin-enabled",
+ "item": self.getWarnItem("Ranger Storm plugin should not be enabled in non-kerberos environment.")})
+ return self.toConfigurationValidationProblems(validationItems, "ranger-env")
+
+ def validateRangerAdminConfigurationsFromHDP23(self, properties, recommendedDefaults, configurations, services, hosts):
+ ranger_site = properties
+ validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+ if 'RANGER' in servicesList and 'policymgr_external_url' in ranger_site:
+ policymgr_mgr_url = ranger_site['policymgr_external_url']
+ if policymgr_mgr_url.endswith('/'):
+ validationItems.append({'config-name':'policymgr_external_url',
+ 'item':self.getWarnItem('Ranger External URL should not contain trailing slash "/"')})
+ return self.toConfigurationValidationProblems(validationItems,'admin-properties')
+
+ def validateRangerConfigurationsEnvFromHDP23(self, properties, recommendedDefaults, configurations, services, hosts):
+ ranger_env_properties = properties
+ validationItems = []
+ security_enabled = self.isSecurityEnabled(services)
+
+ if "ranger-kafka-plugin-enabled" in ranger_env_properties and ranger_env_properties["ranger-kafka-plugin-enabled"].lower() == 'yes' and not security_enabled:
+ validationItems.append({"config-name": "ranger-kafka-plugin-enabled",
+ "item": self.getWarnItem(
+ "Ranger Kafka plugin should not be enabled in non-kerberos environment.")})
+
+ validationProblems = self.toConfigurationValidationProblems(validationItems, "ranger-env")
+ return validationProblems
+
+ def validateRangerTagsyncConfigurationsFromHDP25(self, properties, recommendedDefaults, configurations, services, hosts):
+ ranger_tagsync_properties = properties
+ validationItems = []
+ servicesList = [service["StackServices"]["service_name"] for service in services["services"]]
+
+ has_atlas = False
+ if "RANGER" in servicesList:
+ has_atlas = not "ATLAS" in servicesList
+
+ if has_atlas and 'ranger.tagsync.source.atlas' in ranger_tagsync_properties and \
+ ranger_tagsync_properties['ranger.tagsync.source.atlas'].lower() == 'true':
+ validationItems.append({"config-name": "ranger.tagsync.source.atlas",
+ "item": self.getWarnItem(
+ "Need to Install ATLAS service to set ranger.tagsync.source.atlas as true.")})
+
+ return self.toConfigurationValidationProblems(validationItems, "ranger-tagsync-site")
+
+ def validateRangerUsersyncConfigurationsFromHDP26(self, properties, recommendedDefaults, configurations, services, hosts):
+ ranger_usersync_properties = properties
+ validationItems = []
+
+ delta_sync_enabled = 'ranger.usersync.ldap.deltasync' in ranger_usersync_properties \
+ and ranger_usersync_properties['ranger.usersync.ldap.deltasync'].lower() == 'true'
+ group_sync_enabled = 'ranger.usersync.group.searchenabled' in ranger_usersync_properties \
+ and ranger_usersync_properties['ranger.usersync.group.searchenabled'].lower() == 'true'
+ usersync_source_ldap_enabled = 'ranger.usersync.source.impl.class' in ranger_usersync_properties \
+ and ranger_usersync_properties['ranger.usersync.source.impl.class'] == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder'
+
+ if usersync_source_ldap_enabled and delta_sync_enabled and not group_sync_enabled:
+ validationItems.append({"config-name": "ranger.usersync.group.searchenabled",
+ "item": self.getWarnItem(
+ "Need to set ranger.usersync.group.searchenabled as true, as ranger.usersync.ldap.deltasync is enabled")})
+
+ return self.toConfigurationValidationProblems(validationItems, "ranger-ugsync-site")
\ No newline at end of file
[13/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/properties/ranger-solrconfig.xml.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/properties/ranger-solrconfig.xml.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/properties/ranger-solrconfig.xml.j2
deleted file mode 100644
index 25dbb7a..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/properties/ranger-solrconfig.xml.j2
+++ /dev/null
@@ -1,1874 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<!--
- For more details about configurations options that may appear in
- this file, see http://wiki.apache.org/solr/SolrConfigXml.
--->
-<config>
- <!-- In all configuration below, a prefix of "solr." for class names
- is an alias that causes solr to search appropriate packages,
- including org.apache.solr.(search|update|request|core|analysis)
-
- You may also specify a fully qualified Java classname if you
- have your own custom plugins.
- -->
-
- <!-- Controls what version of Lucene various components of Solr
- adhere to. Generally, you want to use the latest version to
- get all bug fixes and improvements. It is highly recommended
- that you fully re-index after changing this setting as it can
- affect both how text is indexed and queried.
- -->
- <luceneMatchVersion>5.2.0</luceneMatchVersion>
-
- <!-- <lib/> directives can be used to instruct Solr to load any Jars
- identified and use them to resolve any "plugins" specified in
- your solrconfig.xml or schema.xml (ie: Analyzers, Request
- Handlers, etc...).
-
- All directories and paths are resolved relative to the
- instanceDir.
-
- Please note that <lib/> directives are processed in the order
- that they appear in your solrconfig.xml file, and are "stacked"
- on top of each other when building a ClassLoader - so if you have
- plugin jars with dependencies on other jars, the "lower level"
- dependency jars should be loaded first.
-
- If a "./lib" directory exists in your instanceDir, all files
- found in it are included as if you had used the following
- syntax...
-
- <lib dir="./lib" />
- -->
-
- <!-- A 'dir' option by itself adds any files found in the directory
- to the classpath, this is useful for including all jars in a
- directory.
-
- When a 'regex' is specified in addition to a 'dir', only the
- files in that directory which completely match the regex
- (anchored on both ends) will be included.
-
- If a 'dir' option (with or without a regex) is used and nothing
- is found that matches, a warning will be logged.
-
- The examples below can be used to load some solr-contribs along
- with their external dependencies.
- -->
- <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-dataimporthandler-.*\.jar" />
-
- <lib dir="${solr.install.dir:../../../..}/contrib/extraction/lib" regex=".*\.jar" />
- <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-cell-\d.*\.jar" />
-
- <lib dir="${solr.install.dir:../../../..}/contrib/clustering/lib/" regex=".*\.jar" />
- <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-clustering-\d.*\.jar" />
-
- <lib dir="${solr.install.dir:../../../..}/contrib/langid/lib/" regex=".*\.jar" />
- <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-langid-\d.*\.jar" />
-
- <lib dir="${solr.install.dir:../../../..}/contrib/velocity/lib" regex=".*\.jar" />
- <lib dir="${solr.install.dir:../../../..}/dist/" regex="solr-velocity-\d.*\.jar" />
-
- <!-- an exact 'path' can be used instead of a 'dir' to specify a
- specific jar file. This will cause a serious error to be logged
- if it can't be loaded.
- -->
- <!--
- <lib path="../a-jar-that-does-not-exist.jar" />
- -->
-
- <!-- Data Directory
-
- Used to specify an alternate directory to hold all index data
- other than the default ./data under the Solr home. If
- replication is in use, this should match the replication
- configuration.
- -->
- <dataDir>${solr.data.dir:}</dataDir>
-
-
- <!-- The DirectoryFactory to use for indexes.
-
- solr.StandardDirectoryFactory is filesystem
- based and tries to pick the best implementation for the current
- JVM and platform. solr.NRTCachingDirectoryFactory, the default,
- wraps solr.StandardDirectoryFactory and caches small files in memory
- for better NRT performance.
-
- One can force a particular implementation via solr.MMapDirectoryFactory,
- solr.NIOFSDirectoryFactory, or solr.SimpleFSDirectoryFactory.
-
- solr.RAMDirectoryFactory is memory based, not
- persistent, and doesn't work with replication.
- -->
- <directoryFactory name="DirectoryFactory"
- class="${solr.directoryFactory:solr.NRTCachingDirectoryFactory}">
-
-
- <!-- These will be used if you are using the solr.HdfsDirectoryFactory,
- otherwise they will be ignored. If you don't plan on using hdfs,
- you can safely remove this section. -->
- <!-- The root directory that collection data should be written to. -->
- <str name="solr.hdfs.home">${solr.hdfs.home:}</str>
- <!-- The hadoop configuration files to use for the hdfs client. -->
- <str name="solr.hdfs.confdir">${solr.hdfs.confdir:}</str>
- <!-- Enable/Disable the hdfs cache. -->
- <str name="solr.hdfs.blockcache.enabled">${solr.hdfs.blockcache.enabled:true}</str>
- <!-- Enable/Disable using one global cache for all SolrCores.
- The settings used will be from the first HdfsDirectoryFactory created. -->
- <str name="solr.hdfs.blockcache.global">${solr.hdfs.blockcache.global:true}</str>
-
- </directoryFactory>
-
- <!-- The CodecFactory for defining the format of the inverted index.
- The default implementation is SchemaCodecFactory, which is the official Lucene
- index format, but hooks into the schema to provide per-field customization of
- the postings lists and per-document values in the fieldType element
- (postingsFormat/docValuesFormat). Note that most of the alternative implementations
- are experimental, so if you choose to customize the index format, it's a good
- idea to convert back to the official format e.g. via IndexWriter.addIndexes(IndexReader)
- before upgrading to a newer version to avoid unnecessary reindexing.
- -->
- <codecFactory class="solr.SchemaCodecFactory"/>
-
- <!-- To enable dynamic schema REST APIs, use the following for <schemaFactory>: -->
-
- <schemaFactory class="ManagedIndexSchemaFactory">
- <bool name="mutable">true</bool>
- <str name="managedSchemaResourceName">managed-schema</str>
- </schemaFactory>
-<!--
- When ManagedIndexSchemaFactory is specified, Solr will load the schema from
- the resource named in 'managedSchemaResourceName', rather than from schema.xml.
- Note that the managed schema resource CANNOT be named schema.xml. If the managed
- schema does not exist, Solr will create it after reading schema.xml, then rename
- 'schema.xml' to 'schema.xml.bak'.
-
- Do NOT hand edit the managed schema - external modifications will be ignored and
- overwritten as a result of schema modification REST API calls.
-
- When ManagedIndexSchemaFactory is specified with mutable = true, schema
- modification REST API calls will be allowed; otherwise, error responses will be
- sent back for these requests.
-
- <schemaFactory class="ClassicIndexSchemaFactory"/>
- -->
-
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Index Config - These settings control low-level behavior of indexing
- Most example settings here show the default value, but are commented
- out, to more easily see where customizations have been made.
-
- Note: This replaces <indexDefaults> and <mainIndex> from older versions
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <indexConfig>
- <!-- maxFieldLength was removed in 4.0. To get similar behavior, include a
- LimitTokenCountFilterFactory in your fieldType definition. E.g.
- <filter class="solr.LimitTokenCountFilterFactory" maxTokenCount="10000"/>
- -->
- <!-- Maximum time to wait for a write lock (ms) for an IndexWriter. Default: 1000 -->
- <!-- <writeLockTimeout>1000</writeLockTimeout> -->
-
- <!-- The maximum number of simultaneous threads that may be
- indexing documents at once in IndexWriter; if more than this
- many threads arrive they will wait for others to finish.
- Default in Solr/Lucene is 8. -->
- <!-- <maxIndexingThreads>8</maxIndexingThreads> -->
-
- <!-- Expert: Enabling compound file will use less files for the index,
- using fewer file descriptors on the expense of performance decrease.
- Default in Lucene is "true". Default in Solr is "false" (since 3.6) -->
- <!-- <useCompoundFile>false</useCompoundFile> -->
-
- <!-- ramBufferSizeMB sets the amount of RAM that may be used by Lucene
- indexing for buffering added documents and deletions before they are
- flushed to the Directory.
- maxBufferedDocs sets a limit on the number of documents buffered
- before flushing.
- If both ramBufferSizeMB and maxBufferedDocs is set, then
- Lucene will flush based on whichever limit is hit first.
- The default is 100 MB. -->
- <!-- <ramBufferSizeMB>100</ramBufferSizeMB> -->
- <!-- <maxBufferedDocs>1000</maxBufferedDocs> -->
-
- <!-- Expert: Merge Policy
- The Merge Policy in Lucene controls how merging of segments is done.
- The default since Solr/Lucene 3.3 is TieredMergePolicy.
- The default since Lucene 2.3 was the LogByteSizeMergePolicy,
- Even older versions of Lucene used LogDocMergePolicy.
- -->
- <!--
- <mergePolicy class="org.apache.lucene.index.TieredMergePolicy">
- <int name="maxMergeAtOnce">10</int>
- <int name="segmentsPerTier">10</int>
- </mergePolicy>
- -->
-
- <!-- Merge Factor
- The merge factor controls how many segments will get merged at a time.
- For TieredMergePolicy, mergeFactor is a convenience parameter which
- will set both MaxMergeAtOnce and SegmentsPerTier at once.
- For LogByteSizeMergePolicy, mergeFactor decides how many new segments
- will be allowed before they are merged into one.
- Default is 10 for both merge policies.
- -->
- <!--
- <mergeFactor>10</mergeFactor>
- -->
-
- <!-- Ranger customization. Set to 5 to trigger purging of deleted documents more often -->
- <mergeFactor>{{ranger_audit_logs_merge_factor}}</mergeFactor>
-
- <!-- Expert: Merge Scheduler
- The Merge Scheduler in Lucene controls how merges are
- performed. The ConcurrentMergeScheduler (Lucene 2.3 default)
- can perform merges in the background using separate threads.
- The SerialMergeScheduler (Lucene 2.2 default) does not.
- -->
- <!--
- <mergeScheduler class="org.apache.lucene.index.ConcurrentMergeScheduler"/>
- -->
-
- <!-- LockFactory
-
- This option specifies which Lucene LockFactory implementation
- to use.
-
- single = SingleInstanceLockFactory - suggested for a
- read-only index or when there is no possibility of
- another process trying to modify the index.
- native = NativeFSLockFactory - uses OS native file locking.
- Do not use when multiple solr webapps in the same
- JVM are attempting to share a single index.
- simple = SimpleFSLockFactory - uses a plain file for locking
-
- Defaults: 'native' is default for Solr3.6 and later, otherwise
- 'simple' is the default
-
- More details on the nuances of each LockFactory...
- http://wiki.apache.org/lucene-java/AvailableLockFactories
- -->
- <lockType>${solr.lock.type:native}</lockType>
-
- <!-- Unlock On Startup
-
- If true, unlock any held write or commit locks on startup.
- This defeats the locking mechanism that allows multiple
- processes to safely access a lucene index, and should be used
- with care. Default is "false".
-
- This is not needed if lock type is 'single'
- -->
- <!--
- <unlockOnStartup>false</unlockOnStartup>
- -->
-
- <!-- Commit Deletion Policy
- Custom deletion policies can be specified here. The class must
- implement org.apache.lucene.index.IndexDeletionPolicy.
-
- The default Solr IndexDeletionPolicy implementation supports
- deleting index commit points on number of commits, age of
- commit point and optimized status.
-
- The latest commit point should always be preserved regardless
- of the criteria.
- -->
- <!--
- <deletionPolicy class="solr.SolrDeletionPolicy">
- -->
- <!-- The number of commit points to be kept -->
- <!-- <str name="maxCommitsToKeep">1</str> -->
- <!-- The number of optimized commit points to be kept -->
- <!-- <str name="maxOptimizedCommitsToKeep">0</str> -->
- <!--
- Delete all commit points once they have reached the given age.
- Supports DateMathParser syntax e.g.
- -->
- <!--
- <str name="maxCommitAge">30MINUTES</str>
- <str name="maxCommitAge">1DAY</str>
- -->
- <!--
- </deletionPolicy>
- -->
-
- <!-- Lucene Infostream
-
- To aid in advanced debugging, Lucene provides an "InfoStream"
- of detailed information when indexing.
-
- Setting the value to true will instruct the underlying Lucene
- IndexWriter to write its info stream to solr's log. By default,
- this is enabled here, and controlled through log4j.properties.
- -->
- <infoStream>true</infoStream>
- </indexConfig>
-
-
- <!-- JMX
-
- This example enables JMX if and only if an existing MBeanServer
- is found, use this if you want to configure JMX through JVM
- parameters. Remove this to disable exposing Solr configuration
- and statistics to JMX.
-
- For more details see http://wiki.apache.org/solr/SolrJmx
- -->
- <jmx />
- <!-- If you want to connect to a particular server, specify the
- agentId
- -->
- <!-- <jmx agentId="myAgent" /> -->
- <!-- If you want to start a new MBeanServer, specify the serviceUrl -->
- <!-- <jmx serviceUrl="service:jmx:rmi:///jndi/rmi://localhost:9999/solr"/>
- -->
-
- <!-- The default high-performance update handler -->
- <updateHandler class="solr.DirectUpdateHandler2">
-
- <!-- Enables a transaction log, used for real-time get, durability, and
- and solr cloud replica recovery. The log can grow as big as
- uncommitted changes to the index, so use of a hard autoCommit
- is recommended (see below).
- "dir" - the target directory for transaction logs, defaults to the
- solr data directory. -->
- <updateLog>
- <str name="dir">${solr.ulog.dir:}</str>
- </updateLog>
-
- <!-- AutoCommit
-
- Perform a hard commit automatically under certain conditions.
- Instead of enabling autoCommit, consider using "commitWithin"
- when adding documents.
-
- http://wiki.apache.org/solr/UpdateXmlMessages
-
- maxDocs - Maximum number of documents to add since the last
- commit before automatically triggering a new commit.
-
- maxTime - Maximum amount of time in ms that is allowed to pass
- since a document was added before automatically
- triggering a new commit.
- openSearcher - if false, the commit causes recent index changes
- to be flushed to stable storage, but does not cause a new
- searcher to be opened to make those changes visible.
-
- If the updateLog is enabled, then it's highly recommended to
- have some sort of hard autoCommit to limit the log size.
- -->
- <autoCommit>
- <maxTime>${solr.autoCommit.maxTime:15000}</maxTime>
- <openSearcher>false</openSearcher>
- </autoCommit>
-
- <!-- softAutoCommit is like autoCommit except it causes a
- 'soft' commit which only ensures that changes are visible
- but does not ensure that data is synced to disk. This is
- faster and more near-realtime friendly than a hard commit.
- -->
-
- <autoSoftCommit>
- <maxTime>${solr.autoSoftCommit.maxTime:5000}</maxTime>
- </autoSoftCommit>
-
- <!-- Update Related Event Listeners
-
- Various IndexWriter related events can trigger Listeners to
- take actions.
-
- postCommit - fired after every commit or optimize command
- postOptimize - fired after every optimize command
- -->
- <!-- The RunExecutableListener executes an external command from a
- hook such as postCommit or postOptimize.
-
- exe - the name of the executable to run
- dir - dir to use as the current working directory. (default=".")
- wait - the calling thread waits until the executable returns.
- (default="true")
- args - the arguments to pass to the program. (default is none)
- env - environment variables to set. (default is none)
- -->
- <!-- This example shows how RunExecutableListener could be used
- with the script based replication...
- http://wiki.apache.org/solr/CollectionDistribution
- -->
- <!--
- <listener event="postCommit" class="solr.RunExecutableListener">
- <str name="exe">solr/bin/snapshooter</str>
- <str name="dir">.</str>
- <bool name="wait">true</bool>
- <arr name="args"> <str>arg1</str> <str>arg2</str> </arr>
- <arr name="env"> <str>MYVAR=val1</str> </arr>
- </listener>
- -->
-
- </updateHandler>
-
- <!-- IndexReaderFactory
-
- Use the following format to specify a custom IndexReaderFactory,
- which allows for alternate IndexReader implementations.
-
- ** Experimental Feature **
-
- Please note - Using a custom IndexReaderFactory may prevent
- certain other features from working. The API to
- IndexReaderFactory may change without warning or may even be
- removed from future releases if the problems cannot be
- resolved.
-
-
- ** Features that may not work with custom IndexReaderFactory **
-
- The ReplicationHandler assumes a disk-resident index. Using a
- custom IndexReader implementation may cause incompatibility
- with ReplicationHandler and may cause replication to not work
- correctly. See SOLR-1366 for details.
-
- -->
- <!--
- <indexReaderFactory name="IndexReaderFactory" class="package.class">
- <str name="someArg">Some Value</str>
- </indexReaderFactory >
- -->
-
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Query section - these settings control query time things like caches
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <query>
- <!-- Max Boolean Clauses
-
- Maximum number of clauses in each BooleanQuery, an exception
- is thrown if exceeded.
-
- ** WARNING **
-
- This option actually modifies a global Lucene property that
- will affect all SolrCores. If multiple solrconfig.xml files
- disagree on this property, the value at any given moment will
- be based on the last SolrCore to be initialized.
-
- -->
- <maxBooleanClauses>1024</maxBooleanClauses>
-
-
- <!-- Solr Internal Query Caches
-
- There are two implementations of cache available for Solr,
- LRUCache, based on a synchronized LinkedHashMap, and
- FastLRUCache, based on a ConcurrentHashMap.
-
- FastLRUCache has faster gets and slower puts in single
- threaded operation and thus is generally faster than LRUCache
- when the hit ratio of the cache is high (> 75%), and may be
- faster under other scenarios on multi-cpu systems.
- -->
-
- <!-- Filter Cache
-
- Cache used by SolrIndexSearcher for filters (DocSets),
- unordered sets of *all* documents that match a query. When a
- new searcher is opened, its caches may be prepopulated or
- "autowarmed" using data from caches in the old searcher.
- autowarmCount is the number of items to prepopulate. For
- LRUCache, the autowarmed items will be the most recently
- accessed items.
-
- Parameters:
- class - the SolrCache implementation LRUCache or
- (LRUCache or FastLRUCache)
- size - the maximum number of entries in the cache
- initialSize - the initial capacity (number of entries) of
- the cache. (see java.util.HashMap)
- autowarmCount - the number of entries to prepopulate from
- and old cache.
- -->
- <filterCache class="solr.FastLRUCache"
- size="512"
- initialSize="512"
- autowarmCount="0"/>
-
- <!-- Query Result Cache
-
- Caches results of searches - ordered lists of document ids
- (DocList) based on a query, a sort, and the range of documents requested.
- -->
- <queryResultCache class="solr.LRUCache"
- size="512"
- initialSize="512"
- autowarmCount="0"/>
-
- <!-- Document Cache
-
- Caches Lucene Document objects (the stored fields for each
- document). Since Lucene internal document ids are transient,
- this cache will not be autowarmed.
- -->
- <documentCache class="solr.LRUCache"
- size="512"
- initialSize="512"
- autowarmCount="0"/>
-
- <!-- custom cache currently used by block join -->
- <cache name="perSegFilter"
- class="solr.search.LRUCache"
- size="10"
- initialSize="0"
- autowarmCount="10"
- regenerator="solr.NoOpRegenerator" />
-
- <!-- Field Value Cache
-
- Cache used to hold field values that are quickly accessible
- by document id. The fieldValueCache is created by default
- even if not configured here.
- -->
- <!--
- <fieldValueCache class="solr.FastLRUCache"
- size="512"
- autowarmCount="128"
- showItems="32" />
- -->
-
- <!-- Custom Cache
-
- Example of a generic cache. These caches may be accessed by
- name through SolrIndexSearcher.getCache(),cacheLookup(), and
- cacheInsert(). The purpose is to enable easy caching of
- user/application level data. The regenerator argument should
- be specified as an implementation of solr.CacheRegenerator
- if autowarming is desired.
- -->
- <!--
- <cache name="myUserCache"
- class="solr.LRUCache"
- size="4096"
- initialSize="1024"
- autowarmCount="1024"
- regenerator="com.mycompany.MyRegenerator"
- />
- -->
-
-
- <!-- Lazy Field Loading
-
- If true, stored fields that are not requested will be loaded
- lazily. This can result in a significant speed improvement
- if the usual case is to not load all stored fields,
- especially if the skipped fields are large compressed text
- fields.
- -->
- <enableLazyFieldLoading>true</enableLazyFieldLoading>
-
- <!-- Use Filter For Sorted Query
-
- A possible optimization that attempts to use a filter to
- satisfy a search. If the requested sort does not include
- score, then the filterCache will be checked for a filter
- matching the query. If found, the filter will be used as the
- source of document ids, and then the sort will be applied to
- that.
-
- For most situations, this will not be useful unless you
- frequently get the same search repeatedly with different sort
- options, and none of them ever use "score"
- -->
- <!--
- <useFilterForSortedQuery>true</useFilterForSortedQuery>
- -->
-
- <!-- Result Window Size
-
- An optimization for use with the queryResultCache. When a search
- is requested, a superset of the requested number of document ids
- are collected. For example, if a search for a particular query
- requests matching documents 10 through 19, and queryWindowSize is 50,
- then documents 0 through 49 will be collected and cached. Any further
- requests in that range can be satisfied via the cache.
- -->
- <queryResultWindowSize>20</queryResultWindowSize>
-
- <!-- Maximum number of documents to cache for any entry in the
- queryResultCache.
- -->
- <queryResultMaxDocsCached>200</queryResultMaxDocsCached>
-
- <!-- Query Related Event Listeners
-
- Various IndexSearcher related events can trigger Listeners to
- take actions.
-
- newSearcher - fired whenever a new searcher is being prepared
- and there is a current searcher handling requests (aka
- registered). It can be used to prime certain caches to
- prevent long request times for certain requests.
-
- firstSearcher - fired whenever a new searcher is being
- prepared but there is no current registered searcher to handle
- requests or to gain autowarming data from.
-
-
- -->
- <!-- QuerySenderListener takes an array of NamedList and executes a
- local query request for each NamedList in sequence.
- -->
- <listener event="newSearcher" class="solr.QuerySenderListener">
- <arr name="queries">
- <!--
- <lst><str name="q">solr</str><str name="sort">price asc</str></lst>
- <lst><str name="q">rocks</str><str name="sort">weight asc</str></lst>
- -->
- </arr>
- </listener>
- <listener event="firstSearcher" class="solr.QuerySenderListener">
- <arr name="queries">
- <lst>
- <str name="q">static firstSearcher warming in solrconfig.xml</str>
- </lst>
- </arr>
- </listener>
-
- <!-- Use Cold Searcher
-
- If a search request comes in and there is no current
- registered searcher, then immediately register the still
- warming searcher and use it. If "false" then all requests
- will block until the first searcher is done warming.
- -->
- <useColdSearcher>true</useColdSearcher>
-
- <!-- Max Warming Searchers
-
- Maximum number of searchers that may be warming in the
- background concurrently. An error is returned if this limit
- is exceeded.
-
- Recommend values of 1-2 for read-only slaves, higher for
- masters w/o cache warming.
- -->
- <maxWarmingSearchers>2</maxWarmingSearchers>
-
- </query>
-
-
- <!-- Request Dispatcher
-
- This section contains instructions for how the SolrDispatchFilter
- should behave when processing requests for this SolrCore.
-
- handleSelect is a legacy option that affects the behavior of requests
- such as /select?qt=XXX
-
- handleSelect="true" will cause the SolrDispatchFilter to process
- the request and dispatch the query to a handler specified by the
- "qt" param, assuming "/select" isn't already registered.
-
- handleSelect="false" will cause the SolrDispatchFilter to
- ignore "/select" requests, resulting in a 404 unless a handler
- is explicitly registered with the name "/select"
-
- handleSelect="true" is not recommended for new users, but is the default
- for backwards compatibility
- -->
- <requestDispatcher handleSelect="false" >
- <!-- Request Parsing
-
- These settings indicate how Solr Requests may be parsed, and
- what restrictions may be placed on the ContentStreams from
- those requests
-
- enableRemoteStreaming - enables use of the stream.file
- and stream.url parameters for specifying remote streams.
-
- multipartUploadLimitInKB - specifies the max size (in KiB) of
- Multipart File Uploads that Solr will allow in a Request.
-
- formdataUploadLimitInKB - specifies the max size (in KiB) of
- form data (application/x-www-form-urlencoded) sent via
- POST. You can use POST to pass request parameters not
- fitting into the URL.
-
- addHttpRequestToContext - if set to true, it will instruct
- the requestParsers to include the original HttpServletRequest
- object in the context map of the SolrQueryRequest under the
- key "httpRequest". It will not be used by any of the existing
- Solr components, but may be useful when developing custom
- plugins.
-
- *** WARNING ***
- The settings below authorize Solr to fetch remote files, You
- should make sure your system has some authentication before
- using enableRemoteStreaming="true"
-
- -->
- <requestParsers enableRemoteStreaming="true"
- multipartUploadLimitInKB="2048000"
- formdataUploadLimitInKB="2048"
- addHttpRequestToContext="false"/>
-
- <!-- HTTP Caching
-
- Set HTTP caching related parameters (for proxy caches and clients).
-
- The options below instruct Solr not to output any HTTP Caching
- related headers
- -->
- <httpCaching never304="true" />
- <!-- If you include a <cacheControl> directive, it will be used to
- generate a Cache-Control header (as well as an Expires header
- if the value contains "max-age=")
-
- By default, no Cache-Control header is generated.
-
- You can use the <cacheControl> option even if you have set
- never304="true"
- -->
- <!--
- <httpCaching never304="true" >
- <cacheControl>max-age=30, public</cacheControl>
- </httpCaching>
- -->
- <!-- To enable Solr to respond with automatically generated HTTP
- Caching headers, and to response to Cache Validation requests
- correctly, set the value of never304="false"
-
- This will cause Solr to generate Last-Modified and ETag
- headers based on the properties of the Index.
-
- The following options can also be specified to affect the
- values of these headers...
-
- lastModFrom - the default value is "openTime" which means the
- Last-Modified value (and validation against If-Modified-Since
- requests) will all be relative to when the current Searcher
- was opened. You can change it to lastModFrom="dirLastMod" if
- you want the value to exactly correspond to when the physical
- index was last modified.
-
- etagSeed="..." is an option you can change to force the ETag
- header (and validation against If-None-Match requests) to be
- different even if the index has not changed (ie: when making
- significant changes to your config file)
-
- (lastModifiedFrom and etagSeed are both ignored if you use
- the never304="true" option)
- -->
- <!--
- <httpCaching lastModifiedFrom="openTime"
- etagSeed="Solr">
- <cacheControl>max-age=30, public</cacheControl>
- </httpCaching>
- -->
- </requestDispatcher>
-
- <!-- Request Handlers
-
- http://wiki.apache.org/solr/SolrRequestHandler
-
- Incoming queries will be dispatched to a specific handler by name
- based on the path specified in the request.
-
- Legacy behavior: If the request path uses "/select" but no Request
- Handler has that name, and if handleSelect="true" has been specified in
- the requestDispatcher, then the Request Handler is dispatched based on
- the qt parameter. Handlers without a leading '/' are accessed this way
- like so: http://host/app/[core/]select?qt=name If no qt is
- given, then the requestHandler that declares default="true" will be
- used or the one named "standard".
-
- If a Request Handler is declared with startup="lazy", then it will
- not be initialized until the first request that uses it.
-
- -->
-
- <requestHandler name="/dataimport" class="solr.DataImportHandler">
- <lst name="defaults">
- <str name="config">solr-data-config.xml</str>
- </lst>
- </requestHandler>
-
- <!-- SearchHandler
-
- http://wiki.apache.org/solr/SearchHandler
-
- For processing Search Queries, the primary Request Handler
- provided with Solr is "SearchHandler" It delegates to a sequent
- of SearchComponents (see below) and supports distributed
- queries across multiple shards
- -->
- <requestHandler name="/select" class="solr.SearchHandler">
- <!-- default values for query parameters can be specified, these
- will be overridden by parameters in the request
- -->
- <lst name="defaults">
- <str name="echoParams">explicit</str>
- <int name="rows">10</int>
- <str name="df">text</str>
- </lst>
- <!-- In addition to defaults, "appends" params can be specified
- to identify values which should be appended to the list of
- multi-val params from the query (or the existing "defaults").
- -->
- <!-- In this example, the param "fq=instock:true" would be appended to
- any query time fq params the user may specify, as a mechanism for
- partitioning the index, independent of any user selected filtering
- that may also be desired (perhaps as a result of faceted searching).
-
- NOTE: there is *absolutely* nothing a client can do to prevent these
- "appends" values from being used, so don't use this mechanism
- unless you are sure you always want it.
- -->
- <!--
- <lst name="appends">
- <str name="fq">inStock:true</str>
- </lst>
- -->
- <!-- "invariants" are a way of letting the Solr maintainer lock down
- the options available to Solr clients. Any params values
- specified here are used regardless of what values may be specified
- in either the query, the "defaults", or the "appends" params.
-
- In this example, the facet.field and facet.query params would
- be fixed, limiting the facets clients can use. Faceting is
- not turned on by default - but if the client does specify
- facet=true in the request, these are the only facets they
- will be able to see counts for; regardless of what other
- facet.field or facet.query params they may specify.
-
- NOTE: there is *absolutely* nothing a client can do to prevent these
- "invariants" values from being used, so don't use this mechanism
- unless you are sure you always want it.
- -->
- <!--
- <lst name="invariants">
- <str name="facet.field">cat</str>
- <str name="facet.field">manu_exact</str>
- <str name="facet.query">price:[* TO 500]</str>
- <str name="facet.query">price:[500 TO *]</str>
- </lst>
- -->
- <!-- If the default list of SearchComponents is not desired, that
- list can either be overridden completely, or components can be
- prepended or appended to the default list. (see below)
- -->
- <!--
- <arr name="components">
- <str>nameOfCustomComponent1</str>
- <str>nameOfCustomComponent2</str>
- </arr>
- -->
- </requestHandler>
-
- <!-- A request handler that returns indented JSON by default -->
- <requestHandler name="/query" class="solr.SearchHandler">
- <lst name="defaults">
- <str name="echoParams">explicit</str>
- <str name="wt">json</str>
- <str name="indent">true</str>
- <str name="df">text</str>
- </lst>
- </requestHandler>
-
-
- <!-- realtime get handler, guaranteed to return the latest stored fields of
- any document, without the need to commit or open a new searcher. The
- current implementation relies on the updateLog feature being enabled.
-
- ** WARNING **
- Do NOT disable the realtime get handler at /get if you are using
- SolrCloud otherwise any leader election will cause a full sync in ALL
- replicas for the shard in question. Similarly, a replica recovery will
- also always fetch the complete index from the leader because a partial
- sync will not be possible in the absence of this handler.
- -->
- <requestHandler name="/get" class="solr.RealTimeGetHandler">
- <lst name="defaults">
- <str name="omitHeader">true</str>
- <str name="wt">json</str>
- <str name="indent">true</str>
- </lst>
- </requestHandler>
-
-
- <!-- A Robust Example
-
- This example SearchHandler declaration shows off usage of the
- SearchHandler with many defaults declared
-
- Note that multiple instances of the same Request Handler
- (SearchHandler) can be registered multiple times with different
- names (and different init parameters)
- -->
- <requestHandler name="/browse" class="solr.SearchHandler">
- <lst name="defaults">
- <str name="echoParams">explicit</str>
-
- <!-- VelocityResponseWriter settings -->
- <str name="wt">velocity</str>
- <str name="v.template">browse</str>
- <str name="v.layout">layout</str>
-
- <!-- Query settings -->
- <str name="defType">edismax</str>
- <str name="q.alt">*:*</str>
- <str name="rows">10</str>
- <str name="fl">*,score</str>
-
- <!-- Faceting defaults -->
- <str name="facet">on</str>
- <str name="facet.mincount">1</str>
- </lst>
- </requestHandler>
-
-
- <initParams path="/update/**,/query,/select,/tvrh,/elevate,/spell,/browse">
- <lst name="defaults">
- <str name="df">text</str>
- <str name="update.chain">add-unknown-fields-to-the-schema</str>
- </lst>
- </initParams>
-
- <!-- Update Request Handler.
-
- http://wiki.apache.org/solr/UpdateXmlMessages
-
- The canonical Request Handler for Modifying the Index through
- commands specified using XML, JSON, CSV, or JAVABIN
-
- Note: Since solr1.1 requestHandlers requires a valid content
- type header if posted in the body. For example, curl now
- requires: -H 'Content-type:text/xml; charset=utf-8'
-
- To override the request content type and force a specific
- Content-type, use the request parameter:
- ?update.contentType=text/csv
-
- This handler will pick a response format to match the input
- if the 'wt' parameter is not explicit
- -->
- <requestHandler name="/update" class="solr.UpdateRequestHandler">
- <!-- See below for information on defining
- updateRequestProcessorChains that can be used by name
- on each Update Request
- -->
- <!--
- <lst name="defaults">
- <str name="update.chain">dedupe</str>
- </lst>
- -->
- </requestHandler>
-
- <!-- Solr Cell Update Request Handler
-
- http://wiki.apache.org/solr/ExtractingRequestHandler
-
- -->
- <requestHandler name="/update/extract"
- startup="lazy"
- class="solr.extraction.ExtractingRequestHandler" >
- <lst name="defaults">
- <str name="lowernames">true</str>
- <str name="uprefix">ignored_</str>
-
- <!-- capture link hrefs but ignore div attributes -->
- <str name="captureAttr">true</str>
- <str name="fmap.a">links</str>
- <str name="fmap.div">ignored_</str>
- </lst>
- </requestHandler>
-
-
- <!-- Field Analysis Request Handler
-
- RequestHandler that provides much the same functionality as
- analysis.jsp. Provides the ability to specify multiple field
- types and field names in the same request and outputs
- index-time and query-time analysis for each of them.
-
- Request parameters are:
- analysis.fieldname - field name whose analyzers are to be used
-
- analysis.fieldtype - field type whose analyzers are to be used
- analysis.fieldvalue - text for index-time analysis
- q (or analysis.q) - text for query time analysis
- analysis.showmatch (true|false) - When set to true and when
- query analysis is performed, the produced tokens of the
- field value analysis will be marked as "matched" for every
- token that is produces by the query analysis
- -->
- <requestHandler name="/analysis/field"
- startup="lazy"
- class="solr.FieldAnalysisRequestHandler" />
-
-
- <!-- Document Analysis Handler
-
- http://wiki.apache.org/solr/AnalysisRequestHandler
-
- An analysis handler that provides a breakdown of the analysis
- process of provided documents. This handler expects a (single)
- content stream with the following format:
-
- <docs>
- <doc>
- <field name="id">1</field>
- <field name="name">The Name</field>
- <field name="text">The Text Value</field>
- </doc>
- <doc>...</doc>
- <doc>...</doc>
- ...
- </docs>
-
- Note: Each document must contain a field which serves as the
- unique key. This key is used in the returned response to associate
- an analysis breakdown to the analyzed document.
-
- Like the FieldAnalysisRequestHandler, this handler also supports
- query analysis by sending either an "analysis.query" or "q"
- request parameter that holds the query text to be analyzed. It
- also supports the "analysis.showmatch" parameter which when set to
- true, all field tokens that match the query tokens will be marked
- as a "match".
- -->
- <requestHandler name="/analysis/document"
- class="solr.DocumentAnalysisRequestHandler"
- startup="lazy" />
-
- <!-- This single handler is equivalent to the following... -->
- <!--
- <requestHandler name="/admin/luke" class="solr.admin.LukeRequestHandler" />
- <requestHandler name="/admin/system" class="solr.admin.SystemInfoHandler" />
- <requestHandler name="/admin/plugins" class="solr.admin.PluginInfoHandler" />
- <requestHandler name="/admin/threads" class="solr.admin.ThreadDumpHandler" />
- <requestHandler name="/admin/properties" class="solr.admin.PropertiesRequestHandler" />
- <requestHandler name="/admin/file" class="solr.admin.ShowFileRequestHandler" >
- -->
- <!-- If you wish to hide files under ${solr.home}/conf, explicitly
- register the ShowFileRequestHandler using the definition below.
- NOTE: The glob pattern ('*') is the only pattern supported at present, *.xml will
- not exclude all files ending in '.xml'. Use it to exclude _all_ updates
- -->
- <!--
- <requestHandler name="/admin/file"
- class="solr.admin.ShowFileRequestHandler" >
- <lst name="invariants">
- <str name="hidden">synonyms.txt</str>
- <str name="hidden">anotherfile.txt</str>
- <str name="hidden">*</str>
- </lst>
- </requestHandler>
- -->
-
- <!--
- Enabling this request handler (which is NOT a default part of the admin handler) will allow the Solr UI to edit
- all the config files. This is intended for secure/development use ONLY! Leaving available and publically
- accessible is a security vulnerability and should be done with extreme caution!
- -->
- <!--
- <requestHandler name="/admin/fileedit" class="solr.admin.EditFileRequestHandler" >
- <lst name="invariants">
- <str name="hidden">synonyms.txt</str>
- <str name="hidden">anotherfile.txt</str>
- </lst>
- </requestHandler>
- -->
- <!-- ping/healthcheck -->
- <requestHandler name="/admin/ping" class="solr.PingRequestHandler">
- <lst name="invariants">
- <str name="q">solrpingquery</str>
- </lst>
- <lst name="defaults">
- <str name="echoParams">all</str>
- </lst>
- <!-- An optional feature of the PingRequestHandler is to configure the
- handler with a "healthcheckFile" which can be used to enable/disable
- the PingRequestHandler.
- relative paths are resolved against the data dir
- -->
- <!-- <str name="healthcheckFile">server-enabled.txt</str> -->
- </requestHandler>
-
- <!-- Echo the request contents back to the client -->
- <requestHandler name="/debug/dump" class="solr.DumpRequestHandler" >
- <lst name="defaults">
- <str name="echoParams">explicit</str>
- <str name="echoHandler">true</str>
- </lst>
- </requestHandler>
-
- <!-- Solr Replication
-
- The SolrReplicationHandler supports replicating indexes from a
- "master" used for indexing and "slaves" used for queries.
-
- http://wiki.apache.org/solr/SolrReplication
-
- It is also necessary for SolrCloud to function (in Cloud mode, the
- replication handler is used to bulk transfer segments when nodes
- are added or need to recover).
-
- https://wiki.apache.org/solr/SolrCloud/
- -->
- <requestHandler name="/replication" class="solr.ReplicationHandler" >
- <!--
- To enable simple master/slave replication, uncomment one of the
- sections below, depending on whether this solr instance should be
- the "master" or a "slave". If this instance is a "slave" you will
- also need to fill in the masterUrl to point to a real machine.
- -->
- <!--
- <lst name="master">
- <str name="replicateAfter">commit</str>
- <str name="replicateAfter">startup</str>
- <str name="confFiles">schema.xml,stopwords.txt</str>
- </lst>
- -->
- <!--
- <lst name="slave">
- <str name="masterUrl">http://your-master-hostname:8983/solr</str>
- <str name="pollInterval">00:00:60</str>
- </lst>
- -->
- </requestHandler>
-
- <!-- Search Components
-
- Search components are registered to SolrCore and used by
- instances of SearchHandler (which can access them by name)
-
- By default, the following components are available:
-
- <searchComponent name="query" class="solr.QueryComponent" />
- <searchComponent name="facet" class="solr.FacetComponent" />
- <searchComponent name="mlt" class="solr.MoreLikeThisComponent" />
- <searchComponent name="highlight" class="solr.HighlightComponent" />
- <searchComponent name="stats" class="solr.StatsComponent" />
- <searchComponent name="debug" class="solr.DebugComponent" />
-
- Default configuration in a requestHandler would look like:
-
- <arr name="components">
- <str>query</str>
- <str>facet</str>
- <str>mlt</str>
- <str>highlight</str>
- <str>stats</str>
- <str>debug</str>
- </arr>
-
- If you register a searchComponent to one of the standard names,
- that will be used instead of the default.
-
- To insert components before or after the 'standard' components, use:
-
- <arr name="first-components">
- <str>myFirstComponentName</str>
- </arr>
-
- <arr name="last-components">
- <str>myLastComponentName</str>
- </arr>
-
- NOTE: The component registered with the name "debug" will
- always be executed after the "last-components"
-
- -->
-
- <!-- Spell Check
-
- The spell check component can return a list of alternative spelling
- suggestions.
-
- http://wiki.apache.org/solr/SpellCheckComponent
- -->
- <searchComponent name="spellcheck" class="solr.SpellCheckComponent">
-
- <str name="queryAnalyzerFieldType">text_general</str>
-
- <!-- Multiple "Spell Checkers" can be declared and used by this
- component
- -->
-
- <!-- a spellchecker built from a field of the main index -->
- <lst name="spellchecker">
- <str name="name">default</str>
- <str name="field">text</str>
- <str name="classname">solr.DirectSolrSpellChecker</str>
- <!-- the spellcheck distance measure used, the default is the internal levenshtein -->
- <str name="distanceMeasure">internal</str>
- <!-- minimum accuracy needed to be considered a valid spellcheck suggestion -->
- <float name="accuracy">0.5</float>
- <!-- the maximum #edits we consider when enumerating terms: can be 1 or 2 -->
- <int name="maxEdits">2</int>
- <!-- the minimum shared prefix when enumerating terms -->
- <int name="minPrefix">1</int>
- <!-- maximum number of inspections per result. -->
- <int name="maxInspections">5</int>
- <!-- minimum length of a query term to be considered for correction -->
- <int name="minQueryLength">4</int>
- <!-- maximum threshold of documents a query term can appear to be considered for correction -->
- <float name="maxQueryFrequency">0.01</float>
- <!-- uncomment this to require suggestions to occur in 1% of the documents
- <float name="thresholdTokenFrequency">.01</float>
- -->
- </lst>
-
- <!-- a spellchecker that can break or combine words. See "/spell" handler below for usage -->
- <lst name="spellchecker">
- <str name="name">wordbreak</str>
- <str name="classname">solr.WordBreakSolrSpellChecker</str>
- <str name="field">name</str>
- <str name="combineWords">true</str>
- <str name="breakWords">true</str>
- <int name="maxChanges">10</int>
- </lst>
-
- <!-- a spellchecker that uses a different distance measure -->
- <!--
- <lst name="spellchecker">
- <str name="name">jarowinkler</str>
- <str name="field">spell</str>
- <str name="classname">solr.DirectSolrSpellChecker</str>
- <str name="distanceMeasure">
- org.apache.lucene.search.spell.JaroWinklerDistance
- </str>
- </lst>
- -->
-
- <!-- a spellchecker that use an alternate comparator
-
- comparatorClass be one of:
- 1. score (default)
- 2. freq (Frequency first, then score)
- 3. A fully qualified class name
- -->
- <!--
- <lst name="spellchecker">
- <str name="name">freq</str>
- <str name="field">lowerfilt</str>
- <str name="classname">solr.DirectSolrSpellChecker</str>
- <str name="comparatorClass">freq</str>
- -->
-
- <!-- A spellchecker that reads the list of words from a file -->
- <!--
- <lst name="spellchecker">
- <str name="classname">solr.FileBasedSpellChecker</str>
- <str name="name">file</str>
- <str name="sourceLocation">spellings.txt</str>
- <str name="characterEncoding">UTF-8</str>
- <str name="spellcheckIndexDir">spellcheckerFile</str>
- </lst>
- -->
- </searchComponent>
-
- <!-- A request handler for demonstrating the spellcheck component.
-
- NOTE: This is purely as an example. The whole purpose of the
- SpellCheckComponent is to hook it into the request handler that
- handles your normal user queries so that a separate request is
- not needed to get suggestions.
-
- IN OTHER WORDS, THERE IS REALLY GOOD CHANCE THE SETUP BELOW IS
- NOT WHAT YOU WANT FOR YOUR PRODUCTION SYSTEM!
-
- See http://wiki.apache.org/solr/SpellCheckComponent for details
- on the request parameters.
- -->
- <requestHandler name="/spell" class="solr.SearchHandler" startup="lazy">
- <lst name="defaults">
- <str name="df">text</str>
- <!-- Solr will use suggestions from both the 'default' spellchecker
- and from the 'wordbreak' spellchecker and combine them.
- collations (re-written queries) can include a combination of
- corrections from both spellcheckers -->
- <str name="spellcheck.dictionary">default</str>
- <str name="spellcheck.dictionary">wordbreak</str>
- <str name="spellcheck">on</str>
- <str name="spellcheck.extendedResults">true</str>
- <str name="spellcheck.count">10</str>
- <str name="spellcheck.alternativeTermCount">5</str>
- <str name="spellcheck.maxResultsForSuggest">5</str>
- <str name="spellcheck.collate">true</str>
- <str name="spellcheck.collateExtendedResults">true</str>
- <str name="spellcheck.maxCollationTries">10</str>
- <str name="spellcheck.maxCollations">5</str>
- </lst>
- <arr name="last-components">
- <str>spellcheck</str>
- </arr>
- </requestHandler>
-
- <searchComponent name="suggest" class="solr.SuggestComponent">
- <lst name="suggester">
- <str name="name">mySuggester</str>
- <str name="lookupImpl">FuzzyLookupFactory</str> <!-- org.apache.solr.spelling.suggest.fst -->
- <str name="dictionaryImpl">DocumentDictionaryFactory</str> <!-- org.apache.solr.spelling.suggest.HighFrequencyDictionaryFactory -->
- <str name="field">cat</str>
- <str name="weightField">price</str>
- <str name="suggestAnalyzerFieldType">string</str>
- </lst>
- </searchComponent>
-
- <requestHandler name="/suggest" class="solr.SearchHandler" startup="lazy">
- <lst name="defaults">
- <str name="suggest">true</str>
- <str name="suggest.count">10</str>
- </lst>
- <arr name="components">
- <str>suggest</str>
- </arr>
- </requestHandler>
- <!-- Term Vector Component
-
- http://wiki.apache.org/solr/TermVectorComponent
- -->
- <searchComponent name="tvComponent" class="solr.TermVectorComponent"/>
-
- <!-- A request handler for demonstrating the term vector component
-
- This is purely as an example.
-
- In reality you will likely want to add the component to your
- already specified request handlers.
- -->
- <requestHandler name="/tvrh" class="solr.SearchHandler" startup="lazy">
- <lst name="defaults">
- <str name="df">text</str>
- <bool name="tv">true</bool>
- </lst>
- <arr name="last-components">
- <str>tvComponent</str>
- </arr>
- </requestHandler>
-
- <!-- Clustering Component
-
- You'll need to set the solr.clustering.enabled system property
- when running solr to run with clustering enabled:
-
- java -Dsolr.clustering.enabled=true -jar start.jar
-
- http://wiki.apache.org/solr/ClusteringComponent
- http://carrot2.github.io/solr-integration-strategies/
- -->
- <searchComponent name="clustering"
- enable="${solr.clustering.enabled:false}"
- class="solr.clustering.ClusteringComponent" >
- <lst name="engine">
- <str name="name">lingo</str>
-
- <!-- Class name of a clustering algorithm compatible with the Carrot2 framework.
-
- Currently available open source algorithms are:
- * org.carrot2.clustering.lingo.LingoClusteringAlgorithm
- * org.carrot2.clustering.stc.STCClusteringAlgorithm
- * org.carrot2.clustering.kmeans.BisectingKMeansClusteringAlgorithm
-
- See http://project.carrot2.org/algorithms.html for more information.
-
- A commercial algorithm Lingo3G (needs to be installed separately) is defined as:
- * com.carrotsearch.lingo3g.Lingo3GClusteringAlgorithm
- -->
- <str name="carrot.algorithm">org.carrot2.clustering.lingo.LingoClusteringAlgorithm</str>
-
- <!-- Override location of the clustering algorithm's resources
- (attribute definitions and lexical resources).
-
- A directory from which to load algorithm-specific stop words,
- stop labels and attribute definition XMLs.
-
- For an overview of Carrot2 lexical resources, see:
- http://download.carrot2.org/head/manual/#chapter.lexical-resources
-
- For an overview of Lingo3G lexical resources, see:
- http://download.carrotsearch.com/lingo3g/manual/#chapter.lexical-resources
- -->
- <str name="carrot.resourcesDir">clustering/carrot2</str>
- </lst>
-
- <!-- An example definition for the STC clustering algorithm. -->
- <lst name="engine">
- <str name="name">stc</str>
- <str name="carrot.algorithm">org.carrot2.clustering.stc.STCClusteringAlgorithm</str>
- </lst>
-
- <!-- An example definition for the bisecting kmeans clustering algorithm. -->
- <lst name="engine">
- <str name="name">kmeans</str>
- <str name="carrot.algorithm">org.carrot2.clustering.kmeans.BisectingKMeansClusteringAlgorithm</str>
- </lst>
- </searchComponent>
-
- <!-- A request handler for demonstrating the clustering component
-
- This is purely as an example.
-
- In reality you will likely want to add the component to your
- already specified request handlers.
- -->
- <requestHandler name="/clustering"
- startup="lazy"
- enable="${solr.clustering.enabled:false}"
- class="solr.SearchHandler">
- <lst name="defaults">
- <bool name="clustering">true</bool>
- <bool name="clustering.results">true</bool>
- <!-- Field name with the logical "title" of a each document (optional) -->
- <str name="carrot.title">name</str>
- <!-- Field name with the logical "URL" of a each document (optional) -->
- <str name="carrot.url">id</str>
- <!-- Field name with the logical "content" of a each document (optional) -->
- <str name="carrot.snippet">features</str>
- <!-- Apply highlighter to the title/ content and use this for clustering. -->
- <bool name="carrot.produceSummary">true</bool>
- <!-- the maximum number of labels per cluster -->
- <!--<int name="carrot.numDescriptions">5</int>-->
- <!-- produce sub clusters -->
- <bool name="carrot.outputSubClusters">false</bool>
-
- <!-- Configure the remaining request handler parameters. -->
- <str name="defType">edismax</str>
- <str name="qf">
- text^0.5 features^1.0 name^1.2 sku^1.5 id^10.0 manu^1.1 cat^1.4
- </str>
- <str name="q.alt">*:*</str>
- <str name="rows">10</str>
- <str name="fl">*,score</str>
- </lst>
- <arr name="last-components">
- <str>clustering</str>
- </arr>
- </requestHandler>
-
- <!-- Terms Component
-
- http://wiki.apache.org/solr/TermsComponent
-
- A component to return terms and document frequency of those
- terms
- -->
- <searchComponent name="terms" class="solr.TermsComponent"/>
-
- <!-- A request handler for demonstrating the terms component -->
- <requestHandler name="/terms" class="solr.SearchHandler" startup="lazy">
- <lst name="defaults">
- <bool name="terms">true</bool>
- <bool name="distrib">false</bool>
- </lst>
- <arr name="components">
- <str>terms</str>
- </arr>
- </requestHandler>
-
-
- <!-- Query Elevation Component
-
- http://wiki.apache.org/solr/QueryElevationComponent
-
- a search component that enables you to configure the top
- results for a given query regardless of the normal lucene
- scoring.
- -->
- <searchComponent name="elevator" class="solr.QueryElevationComponent" >
- <!-- pick a fieldType to analyze queries -->
- <str name="queryFieldType">string</str>
- <str name="config-file">elevate.xml</str>
- </searchComponent>
-
- <!-- A request handler for demonstrating the elevator component -->
- <requestHandler name="/elevate" class="solr.SearchHandler" startup="lazy">
- <lst name="defaults">
- <str name="echoParams">explicit</str>
- <str name="df">text</str>
- </lst>
- <arr name="last-components">
- <str>elevator</str>
- </arr>
- </requestHandler>
-
- <!-- Highlighting Component
-
- http://wiki.apache.org/solr/HighlightingParameters
- -->
- <searchComponent class="solr.HighlightComponent" name="highlight">
- <highlighting>
- <!-- Configure the standard fragmenter -->
- <!-- This could most likely be commented out in the "default" case -->
- <fragmenter name="gap"
- default="true"
- class="solr.highlight.GapFragmenter">
- <lst name="defaults">
- <int name="hl.fragsize">100</int>
- </lst>
- </fragmenter>
-
- <!-- A regular-expression-based fragmenter
- (for sentence extraction)
- -->
- <fragmenter name="regex"
- class="solr.highlight.RegexFragmenter">
- <lst name="defaults">
- <!-- slightly smaller fragsizes work better because of slop -->
- <int name="hl.fragsize">70</int>
- <!-- allow 50% slop on fragment sizes -->
- <float name="hl.regex.slop">0.5</float>
- <!-- a basic sentence pattern -->
- <str name="hl.regex.pattern">[-\w ,/\n\"']{20,200}</str>
- </lst>
- </fragmenter>
-
- <!-- Configure the standard formatter -->
- <formatter name="html"
- default="true"
- class="solr.highlight.HtmlFormatter">
- <lst name="defaults">
- <str name="hl.simple.pre"><![CDATA[<em>]]></str>
- <str name="hl.simple.post"><![CDATA[</em>]]></str>
- </lst>
- </formatter>
-
- <!-- Configure the standard encoder -->
- <encoder name="html"
- class="solr.highlight.HtmlEncoder" />
-
- <!-- Configure the standard fragListBuilder -->
- <fragListBuilder name="simple"
- class="solr.highlight.SimpleFragListBuilder"/>
-
- <!-- Configure the single fragListBuilder -->
- <fragListBuilder name="single"
- class="solr.highlight.SingleFragListBuilder"/>
-
- <!-- Configure the weighted fragListBuilder -->
- <fragListBuilder name="weighted"
- default="true"
- class="solr.highlight.WeightedFragListBuilder"/>
-
- <!-- default tag FragmentsBuilder -->
- <fragmentsBuilder name="default"
- default="true"
- class="solr.highlight.ScoreOrderFragmentsBuilder">
- <!--
- <lst name="defaults">
- <str name="hl.multiValuedSeparatorChar">/</str>
- </lst>
- -->
- </fragmentsBuilder>
-
- <!-- multi-colored tag FragmentsBuilder -->
- <fragmentsBuilder name="colored"
- class="solr.highlight.ScoreOrderFragmentsBuilder">
- <lst name="defaults">
- <str name="hl.tag.pre"><![CDATA[
- <b style="background:yellow">,<b style="background:lawgreen">,
- <b style="background:aquamarine">,<b style="background:magenta">,
- <b style="background:palegreen">,<b style="background:coral">,
- <b style="background:wheat">,<b style="background:khaki">,
- <b style="background:lime">,<b style="background:deepskyblue">]]></str>
- <str name="hl.tag.post"><![CDATA[</b>]]></str>
- </lst>
- </fragmentsBuilder>
-
- <boundaryScanner name="default"
- default="true"
- class="solr.highlight.SimpleBoundaryScanner">
- <lst name="defaults">
- <str name="hl.bs.maxScan">10</str>
- <str name="hl.bs.chars">.,!? 	 </str>
- </lst>
- </boundaryScanner>
-
- <boundaryScanner name="breakIterator"
- class="solr.highlight.BreakIteratorBoundaryScanner">
- <lst name="defaults">
- <!-- type should be one of CHARACTER, WORD(default), LINE and SENTENCE -->
- <str name="hl.bs.type">WORD</str>
- <!-- language and country are used when constructing Locale object. -->
- <!-- And the Locale object will be used when getting instance of BreakIterator -->
- <str name="hl.bs.language">en</str>
- <str name="hl.bs.country">US</str>
- </lst>
- </boundaryScanner>
- </highlighting>
- </searchComponent>
-
- <!-- Update Processors
-
- Chains of Update Processor Factories for dealing with Update
- Requests can be declared, and then used by name in Update
- Request Processors
-
- http://wiki.apache.org/solr/UpdateRequestProcessor
-
- -->
-
- <!-- Add unknown fields to the schema
-
- An example field type guessing update processor that will
- attempt to parse string-typed field values as Booleans, Longs,
- Doubles, or Dates, and then add schema fields with the guessed
- field types.
-
- This requires that the schema is both managed and mutable, by
- declaring schemaFactory as ManagedIndexSchemaFactory, with
- mutable specified as true.
-
- See http://wiki.apache.org/solr/GuessingFieldTypes
- -->
- <updateRequestProcessorChain name="add-unknown-fields-to-the-schema">
- <processor class="solr.DefaultValueUpdateProcessorFactory">
- <str name="fieldName">_ttl_</str>
- <str name="value">+{{ranger_audit_max_retention_days}}DAYS</str>
- </processor>
- <processor class="solr.processor.DocExpirationUpdateProcessorFactory">
- <int name="autoDeletePeriodSeconds">86400</int>
- <str name="ttlFieldName">_ttl_</str>
- <str name="expirationFieldName">_expire_at_</str>
- </processor>
- <processor class="solr.FirstFieldValueUpdateProcessorFactory">
- <str name="fieldName">_expire_at_</str>
- </processor>
-
- <processor class="solr.RemoveBlankFieldUpdateProcessorFactory"/>
- <processor class="solr.ParseBooleanFieldUpdateProcessorFactory"/>
- <processor class="solr.ParseLongFieldUpdateProcessorFactory"/>
- <processor class="solr.ParseDoubleFieldUpdateProcessorFactory"/>
- <processor class="solr.ParseDateFieldUpdateProcessorFactory">
- <arr name="format">
- <str>yyyy-MM-dd'T'HH:mm:ss.SSSZ</str>
- <str>yyyy-MM-dd'T'HH:mm:ss,SSSZ</str>
- <str>yyyy-MM-dd'T'HH:mm:ss.SSS</str>
- <str>yyyy-MM-dd'T'HH:mm:ss,SSS</str>
- <str>yyyy-MM-dd'T'HH:mm:ssZ</str>
- <str>yyyy-MM-dd'T'HH:mm:ss</str>
- <str>yyyy-MM-dd'T'HH:mmZ</str>
- <str>yyyy-MM-dd'T'HH:mm</str>
- <str>yyyy-MM-dd HH:mm:ss.SSSZ</str>
- <str>yyyy-MM-dd HH:mm:ss,SSSZ</str>
- <str>yyyy-MM-dd HH:mm:ss.SSS</str>
- <str>yyyy-MM-dd HH:mm:ss,SSS</str>
- <str>yyyy-MM-dd HH:mm:ssZ</str>
- <str>yyyy-MM-dd HH:mm:ss</str>
- <str>yyyy-MM-dd HH:mmZ</str>
- <str>yyyy-MM-dd HH:mm</str>
- <str>yyyy-MM-dd</str>
- </arr>
- </processor>
- <processor class="solr.AddSchemaFieldsUpdateProcessorFactory">
- <str name="defaultFieldType">key_lower_case</str>
- <lst name="typeMapping">
- <str name="valueClass">java.lang.Boolean</str>
- <str name="fieldType">boolean</str>
- </lst>
- <lst name="typeMapping">
- <str name="valueClass">java.util.Date</str>
- <str name="fieldType">tdate</str>
- </lst>
- <lst name="typeMapping">
- <str name="valueClass">java.lang.Long</str>
- <str name="valueClass">java.lang.Integer</str>
- <str name="fieldType">tlong</str>
- </lst>
- <lst name="typeMapping">
- <str name="valueClass">java.lang.Number</str>
- <str name="fieldType">tdouble</str>
- </lst>
- </processor>
- <processor class="solr.LogUpdateProcessorFactory"/>
- <processor class="solr.RunUpdateProcessorFactory"/>
- </updateRequestProcessorChain>
-
-
- <!-- Deduplication
-
- An example dedup update processor that creates the "id" field
- on the fly based on the hash code of some other fields. This
- example has overwriteDupes set to false since we are using the
- id field as the signatureField and Solr will maintain
- uniqueness based on that anyway.
-
- -->
- <!--
- <updateRequestProcessorChain name="dedupe">
- <processor class="solr.processor.SignatureUpdateProcessorFactory">
- <bool name="enabled">true</bool>
- <str name="signatureField">id</str>
- <bool name="overwriteDupes">false</bool>
- <str name="fields">name,features,cat</str>
- <str name="signatureClass">solr.processor.Lookup3Signature</str>
- </processor>
- <processor class="solr.LogUpdateProcessorFactory" />
- <processor class="solr.RunUpdateProcessorFactory" />
- </updateRequestProcessorChain>
- -->
-
- <!-- Language identification
-
- This example update chain identifies the language of the incoming
- documents using the langid contrib. The detected language is
- written to field language_s. No field name mapping is done.
- The fields used for detection are text, title, subject and description,
- making this example suitable for detecting languages form full-text
- rich documents injected via ExtractingRequestHandler.
- See more about langId at http://wiki.apache.org/solr/LanguageDetection
- -->
- <!--
- <updateRequestProcessorChain name="langid">
- <processor class="org.apache.solr.update.processor.TikaLanguageIdentifierUpdateProcessorFactory">
- <str name="langid.fl">text,title,subject,description</str>
- <str name="langid.langField">language_s</str>
- <str name="langid.fallback">en</str>
- </processor>
- <processor class="solr.LogUpdateProcessorFactory" />
- <processor class="solr.RunUpdateProcessorFactory" />
- </updateRequestProcessorChain>
- -->
-
- <!-- Script update processor
-
- This example hooks in an update processor implemented using JavaScript.
-
- See more about the script update processor at http://wiki.apache.org/solr/ScriptUpdateProcessor
- -->
- <!--
- <updateRequestProcessorChain name="script">
- <processor class="solr.StatelessScriptUpdateProcessorFactory">
- <str name="script">update-script.js</str>
- <lst name="params">
- <str name="config_param">example config parameter</str>
- </lst>
- </processor>
- <processor class="solr.RunUpdateProcessorFactory" />
- </updateRequestProcessorChain>
- -->
-
- <!-- Response Writers
-
- http://wiki.apache.org/solr/QueryResponseWriter
-
- Request responses will be written using the writer specified by
- the 'wt' request parameter matching the name of a registered
- writer.
-
- The "default" writer is the default and will be used if 'wt' is
- not specified in the request.
- -->
- <!-- The following response writers are implicitly configured unless
- overridden...
- -->
- <!--
- <queryResponseWriter name="xml"
- default="true"
- class="solr.XMLResponseWriter" />
- <queryResponseWriter name="json" class="solr.JSONResponseWriter"/>
- <queryResponseWriter name="python" class="solr.PythonResponseWriter"/>
- <queryResponseWriter name="ruby" class="solr.RubyResponseWriter"/>
- <queryResponseWriter name="php" class="solr.PHPResponseWriter"/>
- <queryResponseWriter name="phps" class="solr.PHPSerializedResponseWriter"/>
- <queryResponseWriter name="csv" class="solr.CSVResponseWriter"/>
- <queryResponseWriter name="schema.xml" class="solr.SchemaXmlResponseWriter"/>
- -->
-
- <queryResponseWriter name="json" class="solr.JSONResponseWriter">
- <!-- For the purposes of the tutorial, JSON responses are written as
- plain text so that they are easy to read in *any* browser.
- If you expect a MIME type of "application/json" just remove this override.
- -->
- <str name="content-type">text/plain; charset=UTF-8</str>
- </queryResponseWriter>
-
- <!--
- Custom response writers can be declared as needed...
- -->
- <queryResponseWriter name="velocity" class="solr.VelocityResponseWriter" startup="lazy">
- <str name="template.base.dir">${velocity.template.base.dir:}</str>
- </queryResponseWriter>
-
- <!-- XSLT response writer transforms the XML output by any xslt file found
- in Solr's conf/xslt directory. Changes to xslt files are checked for
- every xsltCacheLifetimeSeconds.
- -->
- <queryResponseWriter name="xslt" class="solr.XSLTResponseWriter">
- <int name="xsltCacheLifetimeSeconds">5</int>
- </queryResponseWriter>
-
- <!-- Query Parsers
-
- http://wiki.apache.org/solr/SolrQuerySyntax
-
- Multiple QParserPlugins can be registered by name, and then
- used in either the "defType" param for the QueryComponent (used
- by SearchHandler) or in LocalParams
- -->
- <!-- example of registering a query parser -->
- <!--
- <queryParser name="myparser" class="com.mycompany.MyQParserPlugin"/>
- -->
-
- <!-- Function Parsers
-
- http://wiki.apache.org/solr/FunctionQuery
-
- Multiple ValueSourceParsers can be registered by name, and then
- used as function names when using the "func" QParser.
- -->
- <!-- example of registering a custom function parser -->
- <!--
- <valueSourceParser name="myfunc"
- class="com.mycompany.MyValueSourceParser" />
- -->
-
-
- <!-- Document Transformers
- http://wiki.apache.org/solr/DocTransformers
- -->
- <!--
- Could be something like:
- <transformer name="db" class="com.mycompany.LoadFromDatabaseTransformer" >
- <int name="connection">jdbc://....</int>
- </transformer>
-
- To add a constant value to all docs, use:
- <transformer name="mytrans2" class="org.apache.solr.response.transform.ValueAugmenterFactory" >
- <int name="value">5</int>
- </transformer>
-
- If you want the user to still be able to change it with _value:something_ use this:
- <transformer name="mytrans3" class="org.apache.solr.response.transform.ValueAugmenterFactory" >
- <double name="defaultValue">5</double>
- </transformer>
-
- If you are using the QueryElevationComponent, you may wish to mark documents that get boosted. The
- EditorialMarkerFactory will do exactly that:
- <transformer name="qecBooster" class="org.apache.solr.response.transform.EditorialMarkerFactory" />
- -->
-
-
- <!-- Legacy config for the admin interface -->
- <admin>
- <defaultQuery>*:*</defaultQuery>
- </admin>
-
-</config>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/quicklinks/quicklinks.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/quicklinks/quicklinks.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/quicklinks/quicklinks.json
deleted file mode 100644
index d75d5f1..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/quicklinks/quicklinks.json
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- "name": "default",
- "description": "default quick links configuration",
- "configuration": {
- "protocol":
- {
- "type":"https",
- "checks":[
- {
- "property":"ranger.service.https.attrib.ssl.enabled",
- "desired":"true",
- "site":"ranger-admin-site"
- },
- {
- "property":"ranger.service.http.enabled",
- "desired":"false",
- "site":"ranger-admin-site"
- }
- ]
- },
-
- "links": [
- {
- "name": "ranger_admin_ui",
- "label": "Ranger Admin UI",
- "component_name" : "RANGER_ADMIN",
- "requires_user_name": "false",
- "url": "%@://%@:%@",
- "attributes": ["authenticated", "sso"],
- "port":{
- "http_property": "ranger.service.http.port",
- "http_default_port": "6080",
- "https_property": "ranger.service.https.port",
- "https_default_port": "6182",
- "regex": "(\\d*)+",
- "site": "ranger-admin-site"
- }
- }
- ]
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/role_command_order.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/role_command_order.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/role_command_order.json
deleted file mode 100644
index 557e9ac..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/role_command_order.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "general_deps" : {
- "_comment" : "dependencies for RANGER",
- "RANGER_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_ADMIN-START"],
- "RANGER_SERVICE_CHECK-SERVICE_CHECK" : ["RANGER_USERSYNC-START"],
- "RANGER_USERSYNC-START" : ["RANGER_ADMIN-START"],
- "RANGER_ADMIN-START": ["ZOOKEEPER_SERVER-START", "INFRA_SOLR-START"]
- }
-}
[14/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py
deleted file mode 100644
index 26e6578..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/setup_ranger_xml.py
+++ /dev/null
@@ -1,853 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-import os
-import re
-from resource_management.libraries.script import Script
-from resource_management.libraries.functions.default import default
-from resource_management.core.logger import Logger
-from resource_management.core.resources.system import File, Directory, Execute, Link
-from resource_management.core.source import DownloadSource, InlineTemplate, Template
-from resource_management.libraries.resources.xml_config import XmlConfig
-from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile
-from resource_management.libraries.resources.properties_file import PropertiesFile
-from resource_management.core.exceptions import Fail
-from resource_management.libraries.functions.decorator import retry
-from resource_management.libraries.functions.format import format
-from resource_management.libraries.functions.is_empty import is_empty
-from resource_management.core.utils import PasswordString
-from resource_management.core.shell import as_sudo
-from resource_management.libraries.functions import solr_cloud_util
-from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
-from resource_management.core.exceptions import ExecutionFailed
-
-# This file contains functions used for setup/configure of Ranger Admin and Ranger Usersync.
-# The design is to mimic what is done by the setup.sh script bundled by Ranger component currently.
-
-def ranger(name=None, upgrade_type=None):
- """
- parameter name: name of ranger service component
- """
- if name == 'ranger_admin':
- setup_ranger_admin(upgrade_type=upgrade_type)
-
- if name == 'ranger_usersync':
- setup_usersync(upgrade_type=upgrade_type)
-
- if name == 'ranger_tagsync':
- setup_tagsync(upgrade_type=upgrade_type)
-
-def setup_ranger_admin(upgrade_type=None):
- import params
-
- if upgrade_type is None:
- upgrade_type = Script.get_upgrade_type(default("/commandParams/upgrade_type", ""))
-
- ranger_home = params.ranger_home
- ranger_conf = params.ranger_conf
-
- Directory(ranger_conf,
- owner = params.unix_user,
- group = params.unix_group,
- create_parents = True
- )
-
- copy_jdbc_connector()
-
- File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"),
- content = DownloadSource(format("{jdk_location}{check_db_connection_jar_name}")),
- mode = 0644,
- )
-
- cp = format("{check_db_connection_jar}")
- if params.db_flavor.lower() == 'sqla':
- cp = cp + os.pathsep + format("{ranger_home}/ews/lib/sajdbc4.jar")
- else:
- cp = cp + os.pathsep + format("{driver_curl_target}")
- cp = cp + os.pathsep + format("{ranger_home}/ews/lib/*")
-
- db_connection_check_command = format(
- "{java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_jdbc_connection_url}' {ranger_db_user} {ranger_db_password!p} {ranger_jdbc_driver}")
-
- env_dict = {}
- if params.db_flavor.lower() == 'sqla':
- env_dict = {'LD_LIBRARY_PATH':params.ld_lib_path}
-
- Execute(db_connection_check_command, path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', tries=5, try_sleep=10, environment=env_dict)
-
- Execute(('ln','-sf', format('{ranger_home}/ews/webapp/WEB-INF/classes/conf'), format('{ranger_home}/conf')),
- not_if=format("ls {ranger_home}/conf"),
- only_if=format("ls {ranger_home}/ews/webapp/WEB-INF/classes/conf"),
- sudo=True)
-
- if upgrade_type is not None:
- src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml')
- dst_file = format('{ranger_home}/conf/ranger-admin-default-site.xml')
- Execute(('cp', '-f', src_file, dst_file), sudo=True)
-
- src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml')
- dst_file = format('{ranger_home}/conf/security-applicationContext.xml')
-
- Execute(('cp', '-f', src_file, dst_file), sudo=True)
-
- Directory(format('{ranger_home}/'),
- owner = params.unix_user,
- group = params.unix_group,
- recursive_ownership = True,
- )
-
- Directory(params.ranger_pid_dir,
- mode=0755,
- owner = params.unix_user,
- group = params.user_group,
- cd_access = "a",
- create_parents=True
- )
-
- if params.stack_supports_pid:
- File(format('{ranger_conf}/ranger-admin-env-piddir.sh'),
- content = format("export RANGER_PID_DIR_PATH={ranger_pid_dir}\nexport RANGER_USER={unix_user}"),
- owner = params.unix_user,
- group = params.unix_group,
- mode=0755
- )
-
- Directory(params.admin_log_dir,
- owner = params.unix_user,
- group = params.unix_group,
- create_parents = True,
- cd_access='a',
- mode=0755
- )
-
- File(format('{ranger_conf}/ranger-admin-env-logdir.sh'),
- content = format("export RANGER_ADMIN_LOG_DIR={admin_log_dir}"),
- owner = params.unix_user,
- group = params.unix_group,
- mode=0755
- )
-
- if os.path.isfile(params.ranger_admin_default_file):
- File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
- else:
- Logger.warning('Required file {0} does not exist, copying the file to {1} path'.format(params.ranger_admin_default_file, ranger_conf))
- src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/ranger-admin-default-site.xml')
- dst_file = format('{ranger_home}/conf/ranger-admin-default-site.xml')
- Execute(('cp', '-f', src_file, dst_file), sudo=True)
- File(params.ranger_admin_default_file, owner=params.unix_user, group=params.unix_group)
-
- if os.path.isfile(params.security_app_context_file):
- File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
- else:
- Logger.warning('Required file {0} does not exist, copying the file to {1} path'.format(params.security_app_context_file, ranger_conf))
- src_file = format('{ranger_home}/ews/webapp/WEB-INF/classes/conf.dist/security-applicationContext.xml')
- dst_file = format('{ranger_home}/conf/security-applicationContext.xml')
- Execute(('cp', '-f', src_file, dst_file), sudo=True)
- File(params.security_app_context_file, owner=params.unix_user, group=params.unix_group)
-
- if upgrade_type is not None and params.stack_supports_config_versioning:
- if os.path.islink('/usr/bin/ranger-admin'):
- Link('/usr/bin/ranger-admin', action="delete")
-
- Link('/usr/bin/ranger-admin',
- to=format('{ranger_home}/ews/ranger-admin-services.sh'))
-
- if default("/configurations/ranger-admin-site/ranger.authentication.method", "") == 'PAM':
- d = '/etc/pam.d'
- if os.path.isdir(d):
- if os.path.isfile(os.path.join(d, 'ranger-admin')):
- Logger.info('ranger-admin PAM file already exists.')
- else:
- File(format('{d}/ranger-admin'),
- content=Template('ranger_admin_pam.j2'),
- owner = params.unix_user,
- group = params.unix_group,
- mode=0644
- )
- if os.path.isfile(os.path.join(d, 'ranger-remote')):
- Logger.info('ranger-remote PAM file already exists.')
- else:
- File(format('{d}/ranger-remote'),
- content=Template('ranger_remote_pam.j2'),
- owner = params.unix_user,
- group = params.unix_group,
- mode=0644
- )
- else:
- Logger.error("Unable to use PAM authentication, /etc/pam.d/ directory does not exist.")
-
- Execute(('ln','-sf', format('{ranger_home}/ews/ranger-admin-services.sh'),'/usr/bin/ranger-admin'),
- not_if=format("ls /usr/bin/ranger-admin"),
- only_if=format("ls {ranger_home}/ews/ranger-admin-services.sh"),
- sudo=True)
-
- # remove plain-text password from xml configs
-
- ranger_admin_site_copy = {}
- ranger_admin_site_copy.update(params.config['configurations']['ranger-admin-site'])
- for prop in params.ranger_admin_password_properties:
- if prop in ranger_admin_site_copy:
- ranger_admin_site_copy[prop] = "_"
-
- XmlConfig("ranger-admin-site.xml",
- conf_dir=ranger_conf,
- configurations=ranger_admin_site_copy,
- configuration_attributes=params.config['configuration_attributes']['ranger-admin-site'],
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644)
-
- Directory(os.path.join(ranger_conf,'ranger_jaas'),
- mode=0700,
- owner=params.unix_user,
- group=params.unix_group,
- )
-
- if params.stack_supports_ranger_log4j:
- File(format('{ranger_home}/ews/webapp/WEB-INF/log4j.properties'),
- owner=params.unix_user,
- group=params.unix_group,
- content=InlineTemplate(params.admin_log4j),
- mode=0644
- )
-
- do_keystore_setup(upgrade_type=upgrade_type)
-
- create_core_site_xml(ranger_conf)
-
- if params.stack_supports_ranger_kerberos and params.security_enabled:
- if params.is_hbase_ha_enabled and params.ranger_hbase_plugin_enabled:
- XmlConfig("hbase-site.xml",
- conf_dir=ranger_conf,
- configurations=params.config['configurations']['hbase-site'],
- configuration_attributes=params.config['configuration_attributes']['hbase-site'],
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644
- )
-
- if params.is_namenode_ha_enabled and params.ranger_hdfs_plugin_enabled:
- XmlConfig("hdfs-site.xml",
- conf_dir=ranger_conf,
- configurations=params.config['configurations']['hdfs-site'],
- configuration_attributes=params.config['configuration_attributes']['hdfs-site'],
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644
- )
-
-def setup_ranger_db(stack_version=None):
- import params
-
- ranger_home = params.ranger_home
- version = params.version
- if stack_version is not None:
- ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
- version = stack_version
-
- copy_jdbc_connector(stack_version=version)
-
- ModifyPropertiesFile(format("{ranger_home}/install.properties"),
- properties = {'audit_store': params.ranger_audit_source_type},
- owner = params.unix_user,
- )
-
- env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
- if params.db_flavor.lower() == 'sqla':
- env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
-
- # User wants us to setup the DB user and DB?
- if params.create_db_dbuser:
- Logger.info('Setting up Ranger DB and DB User')
- dba_setup = format('ambari-python-wrap {ranger_home}/dba_script.py -q')
- Execute(dba_setup,
- environment=env_dict,
- logoutput=True,
- user=params.unix_user,
- )
- else:
- Logger.info('Separate DBA property not set. Assuming Ranger DB and DB User exists!')
-
- db_setup = format('ambari-python-wrap {ranger_home}/db_setup.py')
- Execute(db_setup,
- environment=env_dict,
- logoutput=True,
- user=params.unix_user,
- )
-
-
-def setup_java_patch(stack_version=None):
- import params
-
- ranger_home = params.ranger_home
- if stack_version is not None:
- ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
-
- env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home}
- if params.db_flavor.lower() == 'sqla':
- env_dict = {'RANGER_ADMIN_HOME':ranger_home, 'JAVA_HOME':params.java_home, 'LD_LIBRARY_PATH':params.ld_lib_path}
-
- setup_java_patch = format('ambari-python-wrap {ranger_home}/db_setup.py -javapatch')
- Execute(setup_java_patch,
- environment=env_dict,
- logoutput=True,
- user=params.unix_user,
- )
-
-
-def do_keystore_setup(upgrade_type=None):
- import params
-
- ranger_home = params.ranger_home
- cred_lib_path = params.cred_lib_path
-
- if not is_empty(params.ranger_credential_provider_path):
- ranger_credential_helper(cred_lib_path, params.ranger_jpa_jdbc_credential_alias, params.ranger_ambari_db_password, params.ranger_credential_provider_path)
-
- File(params.ranger_credential_provider_path,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
- if not is_empty(params.ranger_credential_provider_path) and (params.ranger_audit_source_type).lower() == 'db' and not is_empty(params.ranger_ambari_audit_db_password):
- ranger_credential_helper(cred_lib_path, params.ranger_jpa_audit_jdbc_credential_alias, params.ranger_ambari_audit_db_password, params.ranger_credential_provider_path)
-
- File(params.ranger_credential_provider_path,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
- if params.ranger_auth_method.upper() == "LDAP":
- ranger_credential_helper(params.cred_lib_path, params.ranger_ldap_password_alias, params.ranger_usersync_ldap_ldapbindpassword, params.ranger_credential_provider_path)
-
- File(params.ranger_credential_provider_path,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
- if params.ranger_auth_method.upper() == "ACTIVE_DIRECTORY":
- ranger_credential_helper(params.cred_lib_path, params.ranger_ad_password_alias, params.ranger_usersync_ldap_ldapbindpassword, params.ranger_credential_provider_path)
-
- File(params.ranger_credential_provider_path,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
- if params.stack_supports_secure_ssl_password:
- ranger_credential_helper(params.cred_lib_path, params.ranger_truststore_alias, params.truststore_password, params.ranger_credential_provider_path)
-
- if params.https_enabled and not params.http_enabled:
- ranger_credential_helper(params.cred_lib_path, params.ranger_https_keystore_alias, params.https_keystore_password, params.ranger_credential_provider_path)
-
- File(params.ranger_credential_provider_path,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
-def password_validation(password):
- import params
- if password.strip() == "":
- raise Fail("Blank password is not allowed for Bind user. Please enter valid password.")
- if re.search("[\\\`'\"]",password):
- raise Fail("LDAP/AD bind password contains one of the unsupported special characters like \" ' \ `")
- else:
- Logger.info("password validated")
-
-def copy_jdbc_connector(stack_version=None):
- import params
-
- if params.jdbc_jar_name is None and params.driver_curl_source.endswith("/None"):
- error_message = format("{db_flavor} jdbc driver cannot be downloaded from {jdk_location}\nPlease run 'ambari-server setup --jdbc-db={db_flavor} --jdbc-driver={{path_to_jdbc}}' on ambari-server host.")
- raise Fail(error_message)
-
- if params.driver_curl_source and not params.driver_curl_source.endswith("/None"):
- if params.previous_jdbc_jar and os.path.isfile(params.previous_jdbc_jar):
- File(params.previous_jdbc_jar, action='delete')
-
- File(params.downloaded_custom_connector,
- content = DownloadSource(params.driver_curl_source),
- mode = 0644
- )
-
- ranger_home = params.ranger_home
- if stack_version is not None:
- ranger_home = format("{stack_root}/{stack_version}/ranger-admin")
-
- driver_curl_target = format("{ranger_home}/ews/lib/{jdbc_jar_name}")
-
- if params.db_flavor.lower() == 'sqla':
- Execute(('tar', '-xvf', params.downloaded_custom_connector, '-C', params.tmp_dir), sudo = True)
-
- Execute(('cp', '--remove-destination', params.jar_path_in_archive, os.path.join(ranger_home, 'ews', 'lib')),
- path=["/bin", "/usr/bin/"],
- sudo=True)
-
- File(os.path.join(ranger_home, 'ews', 'lib', 'sajdbc4.jar'), mode=0644)
-
- Directory(params.jdbc_libs_dir,
- cd_access="a",
- create_parents=True)
-
- Execute(as_sudo(['yes', '|', 'cp', params.libs_path_in_archive, params.jdbc_libs_dir], auto_escape=False),
- path=["/bin", "/usr/bin/"])
- else:
- Execute(('cp', '--remove-destination', params.downloaded_custom_connector, os.path.join(ranger_home, 'ews', 'lib')),
- path=["/bin", "/usr/bin/"],
- sudo=True)
-
- File(os.path.join(ranger_home, 'ews', 'lib',params.jdbc_jar_name), mode=0644)
-
- ModifyPropertiesFile(format("{ranger_home}/install.properties"),
- properties = params.config['configurations']['admin-properties'],
- owner = params.unix_user,
- )
-
- if params.db_flavor.lower() == 'sqla':
- ModifyPropertiesFile(format("{ranger_home}/install.properties"),
- properties = {'SQL_CONNECTOR_JAR': format('{ranger_home}/ews/lib/sajdbc4.jar')},
- owner = params.unix_user,
- )
- else:
- ModifyPropertiesFile(format("{ranger_home}/install.properties"),
- properties = {'SQL_CONNECTOR_JAR': format('{driver_curl_target}')},
- owner = params.unix_user,
- )
-
-def setup_usersync(upgrade_type=None):
- import params
-
- usersync_home = params.usersync_home
- ranger_home = params.ranger_home
- ranger_ugsync_conf = params.ranger_ugsync_conf
-
- if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
- password_validation(params.ranger_usersync_ldap_ldapbindpassword)
-
- Directory(params.ranger_pid_dir,
- mode=0755,
- owner = params.unix_user,
- group = params.user_group,
- cd_access = "a",
- create_parents=True
- )
-
- if params.stack_supports_pid:
- File(format('{ranger_ugsync_conf}/ranger-usersync-env-piddir.sh'),
- content = format("export USERSYNC_PID_DIR_PATH={ranger_pid_dir}\nexport UNIX_USERSYNC_USER={unix_user}"),
- owner = params.unix_user,
- group = params.unix_group,
- mode=0755
- )
-
- Directory(params.usersync_log_dir,
- owner = params.unix_user,
- group = params.unix_group,
- cd_access = 'a',
- create_parents=True,
- mode=0755,
- recursive_ownership = True
- )
-
- File(format('{ranger_ugsync_conf}/ranger-usersync-env-logdir.sh'),
- content = format("export logdir={usersync_log_dir}"),
- owner = params.unix_user,
- group = params.unix_group,
- mode=0755
- )
-
- Directory(format("{ranger_ugsync_conf}/"),
- owner = params.unix_user
- )
-
- if upgrade_type is not None:
- src_file = format('{usersync_home}/conf.dist/ranger-ugsync-default.xml')
- dst_file = format('{usersync_home}/conf/ranger-ugsync-default.xml')
- Execute(('cp', '-f', src_file, dst_file), sudo=True)
-
- if params.stack_supports_ranger_log4j:
- File(format('{usersync_home}/conf/log4j.properties'),
- owner=params.unix_user,
- group=params.unix_group,
- content=InlineTemplate(params.usersync_log4j),
- mode=0644
- )
- elif upgrade_type is not None and not params.stack_supports_ranger_log4j:
- src_file = format('{usersync_home}/conf.dist/log4j.xml')
- dst_file = format('{usersync_home}/conf/log4j.xml')
- Execute(('cp', '-f', src_file, dst_file), sudo=True)
-
- # remove plain-text password from xml configs
- ranger_ugsync_site_copy = {}
- ranger_ugsync_site_copy.update(params.config['configurations']['ranger-ugsync-site'])
- for prop in params.ranger_usersync_password_properties:
- if prop in ranger_ugsync_site_copy:
- ranger_ugsync_site_copy[prop] = "_"
-
- XmlConfig("ranger-ugsync-site.xml",
- conf_dir=ranger_ugsync_conf,
- configurations=ranger_ugsync_site_copy,
- configuration_attributes=params.config['configuration_attributes']['ranger-ugsync-site'],
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644)
-
- if os.path.isfile(params.ranger_ugsync_default_file):
- File(params.ranger_ugsync_default_file, owner=params.unix_user, group=params.unix_group)
-
- if os.path.isfile(params.usgsync_log4j_file):
- File(params.usgsync_log4j_file, owner=params.unix_user, group=params.unix_group)
-
- if os.path.isfile(params.cred_validator_file):
- File(params.cred_validator_file, group=params.unix_group, mode=04555)
-
- ranger_credential_helper(params.ugsync_cred_lib, 'usersync.ssl.key.password', params.ranger_usersync_keystore_password, params.ugsync_jceks_path)
-
- if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
- ranger_credential_helper(params.ugsync_cred_lib, 'ranger.usersync.ldap.bindalias', params.ranger_usersync_ldap_ldapbindpassword, params.ugsync_jceks_path)
-
- ranger_credential_helper(params.ugsync_cred_lib, 'usersync.ssl.truststore.password', params.ranger_usersync_truststore_password, params.ugsync_jceks_path)
-
- File(params.ugsync_jceks_path,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
- File([params.usersync_start, params.usersync_stop],
- owner = params.unix_user,
- group = params.unix_group
- )
-
- File(params.usersync_services_file,
- mode = 0755,
- )
-
- Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
- not_if=format("ls /usr/bin/ranger-usersync"),
- only_if=format("ls {usersync_services_file}"),
- sudo=True)
-
- if not os.path.isfile(params.ranger_usersync_keystore_file):
- cmd = format("{java_home}/bin/keytool -genkeypair -keyalg RSA -alias selfsigned -keystore '{ranger_usersync_keystore_file}' -keypass {ranger_usersync_keystore_password!p} -storepass {ranger_usersync_keystore_password!p} -validity 3600 -keysize 2048 -dname '{default_dn_name}'")
-
- Execute(cmd, logoutput=True, user = params.unix_user)
-
- File(params.ranger_usersync_keystore_file,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
- create_core_site_xml(ranger_ugsync_conf)
-
-def setup_tagsync(upgrade_type=None):
- import params
-
- ranger_tagsync_home = params.ranger_tagsync_home
- ranger_home = params.ranger_home
- ranger_tagsync_conf = params.ranger_tagsync_conf
-
- Directory(format("{ranger_tagsync_conf}"),
- owner = params.unix_user,
- group = params.unix_group,
- create_parents = True
- )
-
- Directory(params.ranger_pid_dir,
- mode=0755,
- create_parents=True,
- owner = params.unix_user,
- group = params.user_group,
- cd_access = "a",
- )
-
- if params.stack_supports_pid:
- File(format('{ranger_tagsync_conf}/ranger-tagsync-env-piddir.sh'),
- content = format("export TAGSYNC_PID_DIR_PATH={ranger_pid_dir}\nexport UNIX_TAGSYNC_USER={unix_user}"),
- owner = params.unix_user,
- group = params.unix_group,
- mode=0755
- )
-
- Directory(params.tagsync_log_dir,
- create_parents = True,
- owner = params.unix_user,
- group = params.unix_group,
- cd_access = "a",
- mode=0755
- )
-
- File(format('{ranger_tagsync_conf}/ranger-tagsync-env-logdir.sh'),
- content = format("export RANGER_TAGSYNC_LOG_DIR={tagsync_log_dir}"),
- owner = params.unix_user,
- group = params.unix_group,
- mode=0755
- )
-
- XmlConfig("ranger-tagsync-site.xml",
- conf_dir=ranger_tagsync_conf,
- configurations=params.config['configurations']['ranger-tagsync-site'],
- configuration_attributes=params.config['configuration_attributes']['ranger-tagsync-site'],
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644)
- if params.stack_supports_ranger_tagsync_ssl_xml_support:
- Logger.info("Stack supports tagsync-ssl configurations, performing the same.")
- setup_tagsync_ssl_configs()
- else:
- Logger.info("Stack doesnt support tagsync-ssl configurations, skipping the same.")
-
- PropertiesFile(format('{ranger_tagsync_conf}/atlas-application.properties'),
- properties = params.tagsync_application_properties,
- mode=0755,
- owner=params.unix_user,
- group=params.unix_group
- )
-
- File(format('{ranger_tagsync_conf}/log4j.properties'),
- owner=params.unix_user,
- group=params.unix_group,
- content=InlineTemplate(params.tagsync_log4j),
- mode=0644
- )
-
- File(params.tagsync_services_file,
- mode = 0755,
- )
-
- Execute(('ln','-sf', format('{tagsync_services_file}'),'/usr/bin/ranger-tagsync'),
- not_if=format("ls /usr/bin/ranger-tagsync"),
- only_if=format("ls {tagsync_services_file}"),
- sudo=True)
-
- create_core_site_xml(ranger_tagsync_conf)
-
-def ranger_credential_helper(lib_path, alias_key, alias_value, file_path):
- import params
-
- java_bin = format('{java_home}/bin/java')
- file_path = format('jceks://file{file_path}')
- cmd = (java_bin, '-cp', lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', alias_key, '-value', PasswordString(alias_value), '-provider', file_path)
- Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True)
-
-def create_core_site_xml(conf_dir):
- import params
-
- if params.stack_supports_ranger_kerberos:
- if params.has_namenode:
- XmlConfig("core-site.xml",
- conf_dir=conf_dir,
- configurations=params.config['configurations']['core-site'],
- configuration_attributes=params.config['configuration_attributes']['core-site'],
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644
- )
- else:
- Logger.warning('HDFS service not installed. Creating core-site.xml file.')
- XmlConfig("core-site.xml",
- conf_dir=conf_dir,
- configurations=params.core_site_property,
- configuration_attributes={},
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644
- )
-
-def setup_ranger_audit_solr():
- import params
-
- if params.security_enabled and params.stack_supports_ranger_kerberos:
-
- if params.solr_jaas_file is not None:
- File(format("{solr_jaas_file}"),
- content=Template("ranger_solr_jaas_conf.j2"),
- owner=params.unix_user
- )
- try:
- check_znode()
-
- if params.stack_supports_ranger_solr_configs:
- Logger.info('Solr configrations supported,creating solr-configurations.')
- File(format("{ranger_solr_conf}/solrconfig.xml"),
- content=InlineTemplate(params.ranger_solr_config_content),
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644
- )
-
- solr_cloud_util.upload_configuration_to_zk(
- zookeeper_quorum = params.zookeeper_quorum,
- solr_znode = params.solr_znode,
- config_set = params.ranger_solr_config_set,
- config_set_dir = params.ranger_solr_conf,
- tmp_dir = params.tmp_dir,
- java64_home = params.java_home,
- solrconfig_content = InlineTemplate(params.ranger_solr_config_content),
- jaas_file=params.solr_jaas_file,
- retry=30, interval=5
- )
-
- else:
- Logger.info('Solr configrations not supported, skipping solr-configurations.')
- solr_cloud_util.upload_configuration_to_zk(
- zookeeper_quorum = params.zookeeper_quorum,
- solr_znode = params.solr_znode,
- config_set = params.ranger_solr_config_set,
- config_set_dir = params.ranger_solr_conf,
- tmp_dir = params.tmp_dir,
- java64_home = params.java_home,
- jaas_file=params.solr_jaas_file,
- retry=30, interval=5)
-
- if params.security_enabled and params.has_infra_solr \
- and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos:
-
- solr_cloud_util.add_solr_roles(params.config,
- roles = [params.infra_solr_role_ranger_admin, params.infra_solr_role_ranger_audit, params.infra_solr_role_dev],
- new_service_principals = [params.ranger_admin_jaas_principal])
- service_default_principals_map = [('hdfs', 'nn'), ('hbase', 'hbase'), ('hive', 'hive'), ('kafka', 'kafka'), ('kms', 'rangerkms'),
- ('knox', 'knox'), ('nifi', 'nifi'), ('storm', 'storm'), ('yanr', 'yarn')]
- service_principals = get_ranger_plugin_principals(service_default_principals_map)
- solr_cloud_util.add_solr_roles(params.config,
- roles = [params.infra_solr_role_ranger_audit, params.infra_solr_role_dev],
- new_service_principals = service_principals)
-
-
- solr_cloud_util.create_collection(
- zookeeper_quorum = params.zookeeper_quorum,
- solr_znode = params.solr_znode,
- collection = params.ranger_solr_collection_name,
- config_set = params.ranger_solr_config_set,
- java64_home = params.java_home,
- shards = params.ranger_solr_shards,
- replication_factor = int(params.replication_factor),
- jaas_file = params.solr_jaas_file)
-
- if params.security_enabled and params.has_infra_solr \
- and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos:
- secure_znode(format('{solr_znode}/configs/{ranger_solr_config_set}'), params.solr_jaas_file)
- secure_znode(format('{solr_znode}/collections/{ranger_solr_collection_name}'), params.solr_jaas_file)
- except ExecutionFailed as execution_exception:
- Logger.error('Error when configuring Solr for Ranger, Kindly check Solr/Zookeeper services to be up and running:\n {0}'.format(execution_exception))
-
-def setup_ranger_admin_passwd_change():
- import params
-
- if params.admin_password != params.default_admin_password:
- cmd = format('ambari-python-wrap {ranger_home}/db_setup.py -changepassword {admin_username} {default_admin_password!p} {admin_password!p}')
- Logger.info('Updating admin password')
- Execute(cmd, environment={'JAVA_HOME': params.java_home, 'RANGER_ADMIN_HOME': params.ranger_home}, user=params.unix_user)
-
-@retry(times=10, sleep_time=5, err_class=Fail)
-def check_znode():
- import params
- solr_cloud_util.check_znode(
- zookeeper_quorum=params.zookeeper_quorum,
- solr_znode=params.solr_znode,
- java64_home=params.java_home)
-
-def secure_znode(znode, jaasFile):
- import params
- solr_cloud_util.secure_znode(config=params.config, zookeeper_quorum=params.zookeeper_quorum,
- solr_znode=znode,
- jaas_file=jaasFile,
- java64_home=params.java_home, sasl_users=[params.ranger_admin_jaas_principal])
-
-def get_ranger_plugin_principals(services_defaults_tuple_list):
- """
- Get ranger plugin user principals from service-default value maps using ranger-*-audit configurations
- """
- import params
- user_principals = []
- if len(services_defaults_tuple_list) < 1:
- raise Exception("Services - defaults map parameter is missing.")
-
- for (service, default_value) in services_defaults_tuple_list:
- user_principal = default(format("configurations/ranger-{service}-audit/xasecure.audit.jaas.Client.option.principal"), default_value)
- user_principals.append(user_principal)
- return user_principals
-
-
-def setup_tagsync_ssl_configs():
- import params
- Directory(params.security_store_path,
- cd_access="a",
- create_parents=True)
-
- Directory(params.tagsync_etc_path,
- cd_access="a",
- owner=params.unix_user,
- group=params.unix_group,
- mode=0775,
- create_parents=True)
-
- # remove plain-text password from xml configs
- ranger_tagsync_policymgr_ssl_copy = {}
- ranger_tagsync_policymgr_ssl_copy.update(params.config['configurations']['ranger-tagsync-policymgr-ssl'])
- for prop in params.ranger_tagsync_password_properties:
- if prop in ranger_tagsync_policymgr_ssl_copy:
- ranger_tagsync_policymgr_ssl_copy[prop] = "_"
-
- XmlConfig("ranger-policymgr-ssl.xml",
- conf_dir=params.ranger_tagsync_conf,
- configurations=ranger_tagsync_policymgr_ssl_copy,
- configuration_attributes=params.config['configuration_attributes']['ranger-tagsync-policymgr-ssl'],
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644)
-
- ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.ranger_tagsync_keystore_password, params.ranger_tagsync_credential_file)
- ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.ranger_tagsync_truststore_password, params.ranger_tagsync_credential_file)
-
- File(params.ranger_tagsync_credential_file,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
-
- # remove plain-text password from xml configs
- atlas_tagsync_ssl_copy = {}
- atlas_tagsync_ssl_copy.update(params.config['configurations']['atlas-tagsync-ssl'])
- for prop in params.ranger_tagsync_password_properties:
- if prop in atlas_tagsync_ssl_copy:
- atlas_tagsync_ssl_copy[prop] = "_"
-
- XmlConfig("atlas-tagsync-ssl.xml",
- conf_dir=params.ranger_tagsync_conf,
- configurations=atlas_tagsync_ssl_copy,
- configuration_attributes=params.config['configuration_attributes']['atlas-tagsync-ssl'],
- owner=params.unix_user,
- group=params.unix_group,
- mode=0644)
-
- ranger_credential_helper(params.tagsync_cred_lib, 'sslKeyStore', params.atlas_tagsync_keystore_password, params.atlas_tagsync_credential_file)
- ranger_credential_helper(params.tagsync_cred_lib, 'sslTrustStore', params.atlas_tagsync_truststore_password, params.atlas_tagsync_credential_file)
-
- File(params.atlas_tagsync_credential_file,
- owner = params.unix_user,
- group = params.unix_group,
- mode = 0640
- )
- Logger.info("Configuring tagsync-ssl configurations done successfully.")
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py
deleted file mode 100644
index 842430b..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/status_params.py
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-
-from resource_management.libraries.script import Script
-from resource_management.libraries.functions.format import format
-from resource_management.libraries.functions.default import default
-from resource_management.libraries.functions.version import format_stack_version
-from resource_management.libraries.functions.stack_features import check_stack_feature
-from resource_management.libraries.functions import StackFeature
-
-config = Script.get_config()
-tmp_dir = Script.get_tmp_dir()
-
-upgrade_marker_file = format("{tmp_dir}/rangeradmin_ru.inprogress")
-ranger_pid_dir = config['configurations']['ranger-env']['ranger_pid_dir']
-tagsync_pid_file = format('{ranger_pid_dir}/tagsync.pid')
-stack_name = default("/hostLevelParams/stack_name", None)
-stack_version_unformatted = config['hostLevelParams']['stack_version']
-stack_version_formatted = format_stack_version(stack_version_unformatted)
-ranger_admin_pid_file = format('{ranger_pid_dir}/rangeradmin.pid')
-ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid')
-stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_PID_SUPPORT, stack_version_formatted)
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py
deleted file mode 100644
index a07a1fd..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/scripts/upgrade.py
+++ /dev/null
@@ -1,31 +0,0 @@
-
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-
-"""
-from resource_management.core.resources.system import Execute
-from resource_management.libraries.functions import conf_select
-from resource_management.libraries.functions import stack_select
-from resource_management.libraries.functions.format import format
-
-def prestart(env, stack_component):
- import params
-
- if params.version and params.stack_supports_rolling_upgrade:
- conf_select.select(params.stack_name, stack_component, params.version)
- stack_select.select(stack_component, params.version)
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2
deleted file mode 100644
index 6c5bb1f..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/input.config-ranger.json.j2
+++ /dev/null
@@ -1,79 +0,0 @@
-{#
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #}
-{
- "input":[
- {
- "type":"ranger_admin",
- "rowtype":"service",
- "path":"{{default('/configurations/ranger-env/ranger_admin_log_dir', '/var/log/ranger/admin')}}/xa_portal.log"
- },
- {
- "type":"ranger_dbpatch",
- "is_enabled":"true",
- "path":"{{default('/configurations/ranger-env/ranger_admin_log_dir', '/var/log/ranger/admin')}}/ranger_db_patch.log"
- },
- {
- "type":"ranger_usersync",
- "rowtype":"service",
- "path":"{{default('/configurations/ranger-env/ranger_usersync_log_dir', '/var/log/ranger/usersync')}}/usersync.log"
- }
- ],
- "filter":[
- {
- "filter":"grok",
- "conditions":{
- "fields":{
- "type":[
- "ranger_admin",
- "ranger_dbpatch"
- ]
- }
- },
- "log4j_format":"%d [%t] %-5p %C{6} (%F:%L) - %m%n",
- "multiline_pattern":"^(%{TIMESTAMP_ISO8601:logtime})",
- "message_pattern":"(?m)^%{TIMESTAMP_ISO8601:logtime}%{SPACE}\\[%{DATA:thread_name}\\]%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}\\(%{JAVAFILE:file}:%{INT:line_number}\\)%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
- "post_map_values":{
- "logtime":{
- "map_date":{
- "target_date_pattern":"yyyy-MM-dd HH:mm:ss,SSS"
- }
- }
- }
- },
- {
- "filter":"grok",
- "conditions":{
- "fields":{
- "type":[
- "ranger_usersync"
- ]
- }
- },
- "log4j_format":"%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n",
- "multiline_pattern":"^(%{USER_SYNC_DATE:logtime})",
- "message_pattern":"(?m)^%{USER_SYNC_DATE:logtime}%{SPACE}%{LOGLEVEL:level}%{SPACE}%{JAVACLASS:logger_name}%{SPACE}\\[%{DATA:thread_name}\\]%{SPACE}-%{SPACE}%{GREEDYDATA:log_message}",
- "post_map_values":{
- "logtime":{
- "map_date":{
- "target_date_pattern":"dd MMM yyyy HH:mm:ss"
- }
- }
- }
- }
- ]
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2
deleted file mode 100644
index d69ad6c..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_admin_pam.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-{#
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #}
-#%PAM-1.0
-auth sufficient pam_unix.so
-auth sufficient pam_sss.so
-account sufficient pam_unix.so
-account sufficient pam_sss.so
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2
deleted file mode 100644
index d69ad6c..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_remote_pam.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-{#
- # Licensed to the Apache Software Foundation (ASF) under one
- # or more contributor license agreements. See the NOTICE file
- # distributed with this work for additional information
- # regarding copyright ownership. The ASF licenses this file
- # to you under the Apache License, Version 2.0 (the
- # "License"); you may not use this file except in compliance
- # with the License. You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #}
-#%PAM-1.0
-auth sufficient pam_unix.so
-auth sufficient pam_sss.so
-account sufficient pam_unix.so
-account sufficient pam_sss.so
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2
deleted file mode 100644
index a456688..0000000
--- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/package/templates/ranger_solr_jaas_conf.j2
+++ /dev/null
@@ -1,26 +0,0 @@
-{#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#}
-
-Client {
- com.sun.security.auth.module.Krb5LoginModule required
- useKeyTab=true
- storeKey=true
- useTicketCache=false
- keyTab="{{solr_kerberos_keytab}}"
- principal="{{solr_kerberos_principal}}";
-};
\ No newline at end of file
[10/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/atlas-tagsync-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/atlas-tagsync-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/atlas-tagsync-ssl.xml
new file mode 100644
index 0000000..d43c010
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/atlas-tagsync-ssl.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/security/serverKeys/atlas-tagsync-keystore.jks</value>
+ <description>Java Keystore files</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <property-type>PASSWORD</property-type>
+ <description>password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/security/serverKeys/atlas-tagsync-mytruststore.jks</value>
+ <description>java truststore file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>java truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file{{atlas_tagsync_credential_file}}</value>
+ <description>java keystore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file{{atlas_tagsync_credential_file}}</value>
+ <description>java truststore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-admin-site.xml
new file mode 100644
index 0000000..e2b6c24
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-admin-site.xml
@@ -0,0 +1,751 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.service.host</name>
+ <value>{{ranger_host}}</value>
+ <description>Host where ranger service to be installed</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.http.enabled</name>
+ <value>true</value>
+ <display-name>HTTP enabled</display-name>
+ <description>Enable HTTP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.http.port</name>
+ <value>6080</value>
+ <description>HTTP port</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.port</name>
+ <value>6182</value>
+ <description>HTTPS port (if SSL is enabled)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.ssl.enabled</name>
+ <value>false</value>
+ <description>true/false, set to true if using SSL</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.clientAuth</name>
+ <value>want</value>
+ <description>Needs to be set to want for two way SSL</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.keyalias</name>
+ <value>rangeradmin</value>
+ <description>Alias for Ranger Admin key in keystore</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.pass</name>
+ <value>xasecure</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.https.attrib.keystore.file</name>
+ <value>/etc/security/serverKeys/ranger-admin-keystore.jks</value>
+ <description>Ranger admin keystore (specify full path)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.externalurl</name>
+ <value>{{ranger_external_url}}</value>
+ <display-name>External URL</display-name>
+ <description>URL to be used by clients to access ranger admin</description>
+ <value-attributes>
+ <visible>false</visible>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ <display-name>Driver class name for a JDBC Ranger database</display-name>
+ <description>JDBC driver class name. Example: For MySQL / MariaDB: com.mysql.jdbc.Driver, For Oracle: oracle.jdbc.OracleDriver</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.url</name>
+ <value>jdbc:mysql://localhost</value>
+ <display-name>JDBC connect string for a Ranger database</display-name>
+ <description>JDBC connect string</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ <property>
+ <type>admin-properties</type>
+ <name>db_host</name>
+ </property>
+ <property>
+ <type>admin-properties</type>
+ <name>db_name</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.user</name>
+ <value>{{ranger_db_user}}</value>
+ <description>JDBC user</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <description>JDBC password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.credential.alias</name>
+ <value>rangeradmin</value>
+ <description>Alias name for storing JDBC password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.credential.provider.path</name>
+ <value>/etc/ranger/admin/rangeradmin.jceks</value>
+ <description>File for credential store, provide full file path</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.source.type</name>
+ <value>solr</value>
+ <description>db or solr, based on the audit destination used</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.urls</name>
+ <value/>
+ <description>Solr url for audit. Example: http://solr_host:6083/solr/ranger_audits</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.authentication.method</name>
+ <value>UNIX</value>
+ <display-name>Authentication method</display-name>
+ <description>Ranger admin Authentication - UNIX/PAM/LDAP/AD/NONE</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-ugsync-site</type>
+ <name>ranger.usersync.source.impl.class</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.url</name>
+ <display-name>​LDAP URL</display-name>
+ <value>{{ranger_ug_ldap_url}}</value>
+ <description>LDAP Server URL, only used if Authentication method is LDAP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.user.dnpattern</name>
+ <value>uid={0},ou=users,dc=xasecure,dc=net</value>
+ <description>LDAP user DN, only used if Authentication method is LDAP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.searchbase</name>
+ <display-name>Group Search Base</display-name>
+ <value>{{ranger_ug_ldap_group_searchbase}}</value>
+ <description>LDAP group searchbase, only used if Authentication method is LDAP</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.searchfilter</name>
+ <display-name>Group Search Filter</display-name>
+ <value>{{ranger_ug_ldap_group_searchfilter}}</value>
+ <description>LDAP group search filter, only used if Authentication method is LDAP</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.roleattribute</name>
+ <value>cn</value>
+ <description>LDAP group role attribute, only used if Authentication method is LDAP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.base.dn</name>
+ <value>dc=example,dc=com</value>
+ <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.bind.dn</name>
+ <display-name>Bind User</display-name>
+ <value>{{ranger_ug_ldap_bind_dn}}</value>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.bind.password</name>
+ <display-name>​Bind User Password</display-name>
+ <value></value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the account that can search for users</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.domain</name>
+ <display-name>Domain Name (Only for AD)</display-name>
+ <value/>
+ <description>AD domain, only used if Authentication method is AD</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.url</name>
+ <value>{{ranger_ug_ldap_url}}</value>
+ <description>AD URL, only used if Authentication method is AD</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.base.dn</name>
+ <value>dc=example,dc=com</value>
+ <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.bind.dn</name>
+ <value>{{ranger_ug_ldap_bind_dn}}</value>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.bind.password</name>
+ <value></value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the account that can search for users</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.unixauth.remote.login.enabled</name>
+ <value>true</value>
+ <display-name>Allow remote Login</display-name>
+ <description>Remote login enabled? - only used if Authentication method is UNIX</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.unixauth.service.hostname</name>
+ <value>{{ugsync_host}}</value>
+ <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.unixauth.service.port</name>
+ <value>5151</value>
+ <description>Port for unix authentication service - only used if Authentication method is UNIX</description>
+ <value-attributes>
+ <type>int</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.dialect</name>
+ <value>{{jdbc_dialect}}</value>
+ <description>JDBC dialect used for policy DB</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.username</name>
+ <value>ranger_solr</value>
+ <description>Solr username</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.password</name>
+ <value>NONE</value>
+ <property-type>PASSWORD</property-type>
+ <description>Solr password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.providerurl</name>
+ <value/>
+ <display-name>SSO provider url</display-name>
+ <description>Example: https://KNOX_HOST:KNOX_PORT/gateway/TOPOLOGY_NAME/knoxsso/api/v1/websso</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>gateway-site</type>
+ <name>gateway.port</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.publicKey</name>
+ <value/>
+ <display-name>SSO public key</display-name>
+ <description>Public key for SSO cookie verification</description>
+ <value-attributes>
+ <type>multiLine</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.enabled</name>
+ <value>false</value>
+ <display-name>Enable Ranger SSO</display-name>
+ <description/>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.browser.useragent</name>
+ <value>Mozilla,chrome</value>
+ <display-name>SSO browser useragent</display-name>
+ <description>Comma seperated browser agent</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.binddn.credential.alias</name>
+ <value>ranger.ldap.bind.password</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.binddn.credential.alias</name>
+ <value>ranger.ldap.ad.bind.password</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.token.valid.seconds</name>
+ <value>30</value>
+ <description/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.cookie.domain</name>
+ <value>{{ranger_host}}</value>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.cookie.path</name>
+ <value>/</value>
+ <description/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.spnego.kerberos.principal</name>
+ <value>*</value>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.spnego.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.lookup.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.lookup.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.truststore.file</name>
+ <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
+ <display-name>ranger.truststore.file</display-name>
+ <description>Ranger trust-store file-path</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <display-name>ranger.truststore.password</display-name>
+ <description>Ranger trust-store password</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.zookeepers</name>
+ <value>NONE</value>
+ <description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>infra-solr-env</type>
+ <name>infra_solr_znode</name>
+ </property>
+ <property>
+ <type>ranger-env</type>
+ <name>is_solrCloud_enabled</name>
+ </property>
+ <property>
+ <type>ranger-env</type>
+ <name>is_external_solrCloud_enabled</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.user.searchfilter</name>
+ <value>(sAMAccountName={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.ldap.user.searchfilter</name>
+ <display-name>User Search Filter</display-name>
+ <value>(uid={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.kms.service.user.hdfs</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>hadoop-env</type>
+ <name>hdfs_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.kms.service.user.hive</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>hive-env</type>
+ <name>hive_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.hdfs.serviceuser</name>
+ <value>hdfs</value>
+ <depends-on>
+ <property>
+ <type>hadoop-env</type>
+ <name>hdfs_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.hive.serviceuser</name>
+ <value>hive</value>
+ <depends-on>
+ <property>
+ <type>hive-env</type>
+ <name>hive_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.hbase.serviceuser</name>
+ <value>hbase</value>
+ <depends-on>
+ <property>
+ <type>hbase-env</type>
+ <name>hbase_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.yarn.serviceuser</name>
+ <value>yarn</value>
+ <depends-on>
+ <property>
+ <type>yarn-env</type>
+ <name>yarn_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.knox.serviceuser</name>
+ <value>knox</value>
+ <depends-on>
+ <property>
+ <type>knox-env</type>
+ <name>knox_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.storm.serviceuser</name>
+ <value>storm</value>
+ <depends-on>
+ <property>
+ <type>storm-env</type>
+ <name>storm_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.kafka.serviceuser</name>
+ <value>kafka</value>
+ <depends-on>
+ <property>
+ <type>kafka-env</type>
+ <name>kafka_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.atlas.serviceuser</name>
+ <value>atlas</value>
+ <depends-on>
+ <property>
+ <type>atlas-env</type>
+ <name>metadata_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.kms.serviceuser</name>
+ <value>kms</value>
+ <depends-on>
+ <property>
+ <type>kms-env</type>
+ <name>kms_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.is.solr.kerberised</name>
+ <value>{{ranger_is_solr_kerberised}}</value>
+ <value-attributes>
+ <visible>false</visible>
+ </value-attributes>
+ <description/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.truststore.alias</name>
+ <value>trustStoreAlias</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.credential.alias</name>
+ <value>keyStoreCredentialAlias</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml
new file mode 100644
index 0000000..ff44901
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml
@@ -0,0 +1,503 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true" supports_adding_forbidden="true">
+ <property>
+ <name>ranger_user</name>
+ <value>ranger</value>
+ <property-type>USER</property-type>
+ <display-name>Ranger User</display-name>
+ <description>Ranger username</description>
+ <value-attributes>
+ <type>user</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_group</name>
+ <value>ranger</value>
+ <property-type>GROUP</property-type>
+ <display-name>Ranger Group</display-name>
+ <description>Ranger group</description>
+ <value-attributes>
+ <type>user</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_admin_log_dir</name>
+ <value>/var/log/ranger/admin</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_usersync_log_dir</name>
+ <value>/var/log/ranger/usersync</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_admin_username</name>
+ <value>amb_ranger_admin</value>
+ <property-type>TEXT</property-type>
+ <display-name>Ranger Admin username for Ambari</display-name>
+ <description>This is the ambari user created for creating repositories and policies in Ranger Admin for each plugin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_admin_password</name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <display-name>Ranger Admin user's password for Ambari</display-name>
+ <description>This is the ambari user password created for creating repositories and policies in Ranger Admin for each plugin</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>admin_username</name>
+ <value>admin</value>
+ <description>This is the username for default admin user that is used for creating ambari user in Ranger Admin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>admin_password</name>
+ <value>admin</value>
+ <property-type>PASSWORD</property-type>
+ <description>This is the password for default admin user that is used for creating ambari user in Ranger Admin</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_pid_dir</name>
+ <value>/var/run/ranger</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hdfs-plugin-enabled</name>
+ <value>No</value>
+ <display-name>HDFS Ranger Plugin</display-name>
+ <description>Enable HDFS Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hive-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Hive Ranger Plugin</display-name>
+ <description>Enable Hive Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hbase-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Hbase Ranger Plugin</display-name>
+ <description>Enable HBase Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-storm-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Storm Ranger Plugin</display-name>
+ <description>Enable Storm Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-knox-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Knox Ranger Plugin</display-name>
+ <description>Enable Knox Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xml_configurations_supported</name>
+ <value>true</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>create_db_dbuser</name>
+ <value>true</value>
+ <display-name>Setup Database and Database User</display-name>
+ <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_privelege_user_jdbc_url</name>
+ <display-name>JDBC connect string for root user</display-name>
+ <description>JDBC connect string - auto populated based on other values. This is to be used by root user</description>
+ <value>jdbc:mysql://localhost</value>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ <property>
+ <type>admin-properties</type>
+ <name>db_host</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-yarn-plugin-enabled</name>
+ <value>No</value>
+ <display-name>YARN Ranger Plugin</display-name>
+ <description>Enable YARN Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-kafka-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Kafka Ranger Plugin</display-name>
+ <description>Enable Kafka Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr</name>
+ <value>true</value>
+ <display-name>Audit to Solr</display-name>
+ <description>Enable Audit to Solr for all ranger supported services. This property is overridable at service level</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>is_solrCloud_enabled</name>
+ <display-name>SolrCloud</display-name>
+ <description>SolrCloud uses zookeeper for distributed search and indexing</description>
+ <value>false</value>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>true</value>
+ <display-name>Audit to HDFS</display-name>
+ <description>Enable Audit to HDFS for all ranger supported services. This property is overridable at service level</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://localhost:8020</value>
+ <display-name>Destination HDFS Directory</display-name>
+ <description>HDFS folder to write audit to, make sure all service user has required permissions. This property is overridable at service level</description>
+ <depends-on>
+ <property>
+ <type>core-site</type>
+ <name>fs.defaultFS</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_config_set</name>
+ <value>ranger_audits</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_collection_name</name>
+ <value>ranger_audits</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_shards</name>
+ <value>1</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_replication_factor</name>
+ <value>1</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-atlas-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Atlas Ranger Plugin</display-name>
+ <description>Enable Atlas Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>is_external_solrCloud_enabled</name>
+ <display-name>External SolrCloud</display-name>
+ <value>false</value>
+ <description>Using Externally managed solr cloud ?</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>is_external_solrCloud_kerberos</name>
+ <display-name>External SolrCloud kerberos</display-name>
+ <value>false</value>
+ <description>Is Externally managed solr cloud kerberos ?</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-nifi-plugin-enabled</name>
+ <value>No</value>
+ <display-name>NIFI Ranger Plugin</display-name>
+ <description>Enable NIFI Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-solr-configuration.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-solr-configuration.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-solr-configuration.xml
new file mode 100644
index 0000000..550ce0d
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-solr-configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>ranger_audit_max_retention_days</name>
+ <display-name>Max Retention Days</display-name>
+ <description>Days to retain audit logs in Solr</description>
+ <value>90</value>
+ <value-attributes>
+ <type>int</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_audit_logs_merge_factor</name>
+ <display-name>Merge Factor</display-name>
+ <description>
+ The mergeFactor value tells Lucene how many segments of equal size to build before merging them into a
+ single segment. High value merge factor (e.g. 25) improves indexing speed, but slows down searching. Low value
+ (e.g. 5) improves searching, but slows down indexing.
+ </description>
+ <value>5</value>
+ <value-attributes>
+ <type>int</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>solr-config template</display-name>
+ <description>the jinja template for solrconfig.xml file used for ranger audit logs</description>
+ <value/>
+ <property-type>VALUE_FROM_PROPERTY_FILE</property-type>
+ <value-attributes>
+ <property-file-name>ranger-solrconfig.xml.j2</property-file-name>
+ <property-file-type>xml</property-file-type>
+ </value-attributes>
+ <on-ambari-upgrade add="false" />
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
new file mode 100644
index 0000000..a4c9441
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/security/serverKeys/ranger-tagsync-keystore.jks</value>
+ <description>Java Keystore files</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <property-type>PASSWORD</property-type>
+ <description>password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/security/serverKeys/ranger-tagsync-mytruststore.jks</value>
+ <description>java truststore file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>java truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file{{ranger_tagsync_credential_file}}</value>
+ <description>java keystore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file{{ranger_tagsync_credential_file}}</value>
+ <description>java truststore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-site.xml
new file mode 100644
index 0000000..2eab439
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-site.xml
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.tagsync.logdir</name>
+ <value>/var/log/ranger/tagsync</value>
+ <description>Ranger Log dir</description>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.endpoint</name>
+ <value>{{ranger_external_url}}</value>
+ <description>Ranger TagAdmin REST URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlas</name>
+ <display-name>Enable Atlas Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.bind.address</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest</name>
+ <display-name>Enable AtlasRest Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.file</name>
+ <display-name>Enable File Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.file.check.interval.millis</name>
+ <display-name>File Source: File update polling interval</display-name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.download.interval.millis</name>
+ <display-name>AtlasREST Source: Atlas source download interval</display-name>
+ <value>60000</value>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.source.file.filename</name>
+ <display-name>File Source: Filename</display-name>
+ <value/>
+ <description>File Source Filename</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.endpoint</name>
+ <display-name>AtlasREST Source: Atlas endpoint</display-name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ <depends-on>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.http.port</name>
+ </property>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.https.port</name>
+ </property>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.enableTLS</name>
+ </property>
+ </depends-on>
+ </property>
+ <property>
+ <name>ranger.tagsync.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.username</name>
+ <value>rangertagsync</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.username</name>
+ <value>admin</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.atlas.default.cluster.name</name>
+ <value>{{cluster_name}}</value>
+ <description>Capture cluster name</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.keystore.filename</name>
+ <value>/usr/hdp/current/ranger-tagsync/conf/rangertagsync.jceks</value>
+ <description>Keystore file</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.keystore.filename</name>
+ <value>/usr/hdp/current/ranger-tagsync/conf/atlasuser.jceks</value>
+ <description>Tagsync atlasrest keystore file</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.ssl.config.filename</name>
+ <value>{{stack_root}}/current/ranger-tagsync/conf/ranger-policymgr-ssl.xml</value>
+ <description>Keystore and truststore information used for tagsync, required if tagsync -> ranger admin communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.ssl.config.filename</name>
+ <value>{{stack_root}}/current/ranger-tagsync/conf/atlas-tagsync-ssl.xml</value>
+ <description>Keystore and truststore information used for tagsync, required if tagsync to atlas communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml
new file mode 100644
index 0000000..80babd6
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml
@@ -0,0 +1,571 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.usersync.port</name>
+ <value>5151</value>
+ <description>Port for unix authentication service, run within usersync</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ssl</name>
+ <value>true</value>
+ <description>SSL enabled? (ranger admin -> usersync communication)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.keystore.password</name>
+ <value>UnIx529p</value>
+ <property-type>PASSWORD</property-type>
+ <description>Keystore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>Truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.passwordvalidator.path</name>
+ <value>./native/credValidator.uexe</value>
+ <description>Native program for password validation</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.enabled</name>
+ <display-name>Enable User Sync</display-name>
+ <value>true</value>
+ <description>Should users and groups be synchronized to Ranger Database? Required to setup Ranger policies</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.sink.impl.class</name>
+ <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
+ <description>Class to be used as sink (to sync users into ranger admin)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymanager.baseURL</name>
+ <value>{{ranger_external_url}}</value>
+ <description>URL to be used by clients to access ranger admin, use FQDN</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
+ <value>1000</value>
+ <description>How many records to be returned per API call</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymanager.mockrun</name>
+ <value>false</value>
+ <description>Is user sync doing mock run?</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.unix.minUserId</name>
+ <display-name>Minimum User ID</display-name>
+ <value>500</value>
+ <description>Only sync users above this user id (applicable for UNIX)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.unix.group.file</name>
+ <display-name>Group File</display-name>
+ <value>/etc/group</value>
+ <description>Location of the groups file on the linux server</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.unix.password.file</name>
+ <display-name>Password File</display-name>
+ <value>/etc/passwd</value>
+ <description>Location of the password file on the linux server</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
+ <value>60000</value>
+ <description>Sleeptime interval in milliseconds, if < 6000 then default to 1 min</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.source.impl.class</name>
+ <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
+ <display-name>Sync Source</display-name>
+ <description>For Ldap: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder, For Unix: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder, org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</description>
+ <value-attributes>
+ <type>value-list</type>
+ <empty-value-valid>true</empty-value-valid>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
+ <label>UNIX</label>
+ </entry>
+ <entry>
+ <value>org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</value>
+ <label>FILE</label>
+ </entry>
+ <entry>
+ <value>org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder</value>
+ <label>LDAP/AD</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.filesource.file</name>
+ <display-name>File Name</display-name>
+ <value>/tmp/usergroup.txt</value>
+ <description>Path to the file with the users and groups information. Example: /tmp/usergroup.json or /tmp/usergroup.csv or /tmp/usergroup.txt</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.filesource.text.delimiter</name>
+ <display-name>Delimiter</display-name>
+ <value>,</value>
+ <description>Delimiter used in file, if File based user sync is used</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.url</name>
+ <display-name>LDAP/AD URL</display-name>
+ <value/>
+ <description>LDAP server URL. Example: value = ldap://localhost:389 or ldaps//localhost:636</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.binddn</name>
+ <display-name>​Bind User</display-name>
+ <value/>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. This user is used for searching the users. This could be read-only LDAP user. Example: cn=admin,dc=example,dc=com</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.ldapbindpassword</name>
+ <display-name>Bind User Password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the LDAP bind user used for searching users.</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.bindalias</name>
+ <value>testldapalias</value>
+ <description>Set as ranger.usersync.ldap.bindalias (string as is)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.usersync.ldap.searchBase</name>
+ <value>dc=hadoop,dc=apache,dc=org</value>
+ <description>"# search base for users and groups
+# sample value would be dc=hadoop,dc=apache,dc=org
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.searchbase</name>
+ <display-name>User Search Base</display-name>
+ <value/>
+ <description>"# search base for users
+# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: cn=users,dc=example,dc=com;ou=example1,ou=example2"</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.searchscope</name>
+ <display-name>User Search Scope</display-name>
+ <value>sub</value>
+ <description>"# search scope for the users, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.objectclass</name>
+ <display-name>User Object Class​</display-name>
+ <value>person</value>
+ <description>LDAP User Object Class. Example: person or user</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.searchfilter</name>
+ <display-name>​User Search Filter</display-name>
+ <value/>
+ <description>"optional additional filter constraining the users selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.nameattribute</name>
+ <display-name>Username Attribute</display-name>
+ <value/>
+ <description>LDAP user name attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.groupnameattribute</name>
+ <display-name>User Group Name Attribute</display-name>
+ <value>memberof, ismemberof</value>
+ <description>LDAP user group name attribute. Generally it is the same as username attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.username.caseconversion</name>
+ <value>none</value>
+ <description>User name case conversion</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.groupname.caseconversion</name>
+ <value>none</value>
+ <description>Group name case conversion</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.logdir</name>
+ <value>{{usersync_log_dir}}</value>
+ <description>User sync log directory</description>
+ <value-attributes>
+ <visible>false</visible>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.usermapsyncenabled</name>
+ <value>true</value>
+ <display-name>Group User Map Sync</display-name>
+ <description>Sync specific groups for users?</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchbase</name>
+ <display-name>Group Search Base</display-name>
+ <value/>
+ <description>"# search base for groups
+# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase, ranger.usersync.ldap.user.searchbase
+# if a value is not specified, takes the value of ranger.usersync.ldap.searchBase
+# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: ou=groups,DC=example,DC=com;ou=group1,ou=group2"
+</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchscope</name>
+ <value/>
+ <description>"# search scope for the groups, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.objectclass</name>
+ <display-name>Group Object Class</display-name>
+ <value/>
+ <description>LDAP Group object class. Example: group</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchfilter</name>
+ <value/>
+ <display-name>Group Search Filter</display-name>
+ <description>"# optional additional filter constraining the groups selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.nameattribute</name>
+ <display-name>Group Name Attribute</display-name>
+ <value/>
+ <description>LDAP group name attribute. Example: cn</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.memberattributename</name>
+ <display-name>Group Member Attribute</display-name>
+ <value/>
+ <description>LDAP group member attribute name. Example: member</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.pagedresultsenabled</name>
+ <value>true</value>
+ <description>Results can be paged?</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.pagedresultssize</name>
+ <value>500</value>
+ <description>Page size</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymgr.username</name>
+ <value>rangerusersync</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymgr.alias</name>
+ <value>ranger.usersync.policymgr.password</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.search.first.enabled</name>
+ <display-name>Enable Group Search First</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.user.searchenabled</name>
+ <display-name>Enable User Search</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.deltasync</name>
+ <display-name>Incremental Sync</display-name>
+ <value>true</value>
+ <description>Enable Incremental Sync</description>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchenabled</name>
+ <display-name>Enable Group Sync</display-name>
+ <value>false</value>
+ <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes
+ # valid values: true, false
+ # any value other than true would be treated as false
+ # default value: false"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-ugsync-site</type>
+ <name>ranger.usersync.ldap.deltasync</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.keystore.file</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
+ <description>Keystore file used for usersync</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.truststore.file</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
+ <description>Truststore used for usersync, required if usersync -> ranger admin communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.bindkeystore</name>
+ <value/>
+ <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.credstore.filename</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
+ <description>Credential store file name for user sync, specify full path</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymgr.keystore</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-application-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-application-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-application-properties.xml
new file mode 100644
index 0000000..f616324
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-application-properties.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>atlas.kafka.entities.group.id</name>
+ <display-name>Atlas Source: Kafka consumer group</display-name>
+ <value>ranger_entities_consumer</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>atlas.kafka.bootstrap.servers</name>
+ <display-name>Atlas Source: Kafka endpoint</display-name>
+ <value>localhost:6667</value>
+ <description/>
+ <depends-on>
+ <property>
+ <type>kafka-broker</type>
+ <name>port</name>
+ </property>
+ </depends-on>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>atlas.kafka.zookeeper.connect</name>
+ <display-name>Atlas Source: Zookeeper endpoint</display-name>
+ <value>localhost:2181</value>
+ <description/>
+ <depends-on>
+ <property>
+ <type>zoo.cfg</type>
+ <name>clientPort</name>
+ </property>
+ </depends-on>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-log4j.xml
new file mode 100644
index 0000000..bd2e109
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-log4j.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_tagsync_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger tagsync Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_tagsync_log_number_of_backup_files</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger tagsync Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>tagsync-log4j template</display-name>
+ <description>tagsync-log4j.properties</description>
+ <value>
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+log4j.rootLogger = info,logFile
+
+# logFile
+log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.logFile.file=${logdir}/tagsync.log
+log4j.appender.logFile.datePattern='.'yyyy-MM-dd
+log4j.appender.logFile.layout=org.apache.log4j.PatternLayout
+log4j.appender.logFile.MaxFileSize = {{ranger_tagsync_log_maxfilesize}}MB
+log4j.appender.logFile.MaxBackupIndex = {{ranger_tagsync_log_number_of_backup_files}}
+log4j.appender.logFile.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.Target=System.out
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
[09/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
Posted by mu...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/usersync-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/usersync-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/usersync-log4j.xml
new file mode 100644
index 0000000..b5f2a7a
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/usersync-log4j.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_usersync_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger usersync Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_usersync_log_maxbackupindex</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger usersync Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>usersync-log4j template</display-name>
+ <description>usersync-log4j.properties</description>
+ <value>
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+log4j.rootLogger = info,logFile
+
+# logFile
+log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.logFile.file=${logdir}/usersync.log
+log4j.appender.logFile.datePattern='.'yyyy-MM-dd
+log4j.appender.logFile.layout=org.apache.log4j.PatternLayout
+log4j.appender.logFile.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n
+log4j.appender.logFile.MaxFileSize = {{ranger_usersync_log_maxfilesize}}MB
+log4j.appender.logFile.MaxBackupIndex = {{ranger_usersync_log_maxbackupindex}}
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.Target=System.out
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %m%n
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
new file mode 100644
index 0000000..1fc8acf
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/kerberos.json
@@ -0,0 +1,153 @@
+{
+ "services": [
+ {
+ "name": "RANGER",
+ "identities": [
+ {
+ "name": "/spnego"
+ },
+ {
+ "name": "/smokeuser"
+ }
+ ],
+ "configurations": [
+ {
+ "ranger-admin-site": {
+ "xasecure.audit.jaas.Client.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "xasecure.audit.jaas.Client.loginModuleControlFlag": "required",
+ "xasecure.audit.jaas.Client.option.useKeyTab": "true",
+ "xasecure.audit.jaas.Client.option.storeKey": "false",
+ "xasecure.audit.jaas.Client.option.serviceName": "solr"
+ }
+ }
+ ],
+ "components": [
+ {
+ "name": "RANGER_ADMIN",
+ "identities": [
+ {
+ "name": "rangeradmin",
+ "principal": {
+ "value": "rangeradmin/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "ranger-admin-site/ranger.admin.kerberos.principal",
+ "local_username" : "${ranger-env/ranger_user}"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangeradmin.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-admin-site/ranger.admin.kerberos.keytab"
+ }
+ },
+ {
+ "name": "rangerlookup",
+ "principal": {
+ "value": "rangerlookup/_HOST@${realm}",
+ "configuration": "ranger-admin-site/ranger.lookup.kerberos.principal",
+ "type" : "service"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangerlookup.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-admin-site/ranger.lookup.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/spnego",
+ "keytab": {
+ "configuration": "ranger-admin-site/ranger.spnego.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/RANGER/RANGER_ADMIN/rangeradmin",
+ "principal": {
+ "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.principal"
+ },
+ "keytab": {
+ "configuration": "ranger-admin-site/xasecure.audit.jaas.Client.option.keyTab"
+ }
+ },
+ {
+ "name": "/AMBARI_INFRA/INFRA_SOLR/infra-solr",
+ "when" : {
+ "contains" : ["services", "AMBARI_INFRA"]
+ }
+ }
+ ]
+ },
+ {
+ "name": "RANGER_USERSYNC",
+ "identities": [
+ {
+ "name": "rangerusersync",
+ "principal": {
+ "value": "rangerusersync/_HOST@${realm}",
+ "type" : "service",
+ "configuration" : "ranger-ugsync-site/ranger.usersync.kerberos.principal",
+ "local_username" : "rangerusersync"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangerusersync.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-ugsync-site/ranger.usersync.kerberos.keytab"
+ }
+ }
+ ]
+ },
+ {
+ "name": "RANGER_TAGSYNC",
+ "identities": [
+ {
+ "name": "rangertagsync",
+ "principal": {
+ "value": "rangertagsync/_HOST@${realm}",
+ "type" : "service",
+ "configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.principal",
+ "local_username" : "rangertagsync"
+ },
+ "keytab": {
+ "file": "${keytab_dir}/rangertagsync.service.keytab",
+ "owner": {
+ "name": "${ranger-env/ranger_user}",
+ "access": "r"
+ },
+ "configuration": "ranger-tagsync-site/ranger.tagsync.kerberos.keytab"
+ }
+ },
+ {
+ "name": "/RANGER/RANGER_TAGSYNC/rangertagsync",
+ "principal": {
+ "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.principal"
+ },
+ "keytab": {
+ "configuration": "tagsync-application-properties/atlas.jaas.KafkaClient.option.keyTab"
+ }
+ }
+ ],
+ "configurations": [
+ {
+ "tagsync-application-properties": {
+ "atlas.jaas.KafkaClient.loginModuleName": "com.sun.security.auth.module.Krb5LoginModule",
+ "atlas.jaas.KafkaClient.loginModuleControlFlag": "required",
+ "atlas.jaas.KafkaClient.option.useKeyTab": "true",
+ "atlas.jaas.KafkaClient.option.storeKey": "true",
+ "atlas.jaas.KafkaClient.option.serviceName": "kafka",
+ "atlas.kafka.sasl.kerberos.service.name": "kafka",
+ "atlas.kafka.security.protocol": "PLAINTEXTSASL"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/metainfo.xml
new file mode 100644
index 0000000..c452f2e
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/metainfo.xml
@@ -0,0 +1,177 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<metainfo>
+ <schemaVersion>2.0</schemaVersion>
+ <services>
+ <service>
+ <name>RANGER</name>
+ <displayName>Ranger</displayName>
+ <comment>Comprehensive security for Hadoop</comment>
+ <version>1.0.0.3.0</version>
+ <components>
+
+ <component>
+ <name>RANGER_ADMIN</name>
+ <displayName>Ranger Admin</displayName>
+ <category>MASTER</category>
+ <cardinality>1+</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <dependencies>
+ <dependency>
+ <name>AMBARI_INFRA/INFRA_SOLR_CLIENT</name>
+ <scope>host</scope>
+ <auto-deploy>
+ <enabled>true</enabled>
+ </auto-deploy>
+ </dependency>
+ </dependencies>
+ <commandScript>
+ <script>scripts/ranger_admin.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>ranger_admin</logId>
+ <primary>true</primary>
+ </log>
+ <log>
+ <logId>ranger_dbpatch</logId>
+ </log>
+ </logs>
+ </component>
+
+ <component>
+ <name>RANGER_TAGSYNC</name>
+ <displayName>Ranger Tagsync</displayName>
+ <category>SLAVE</category>
+ <cardinality>0-1</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <commandScript>
+ <script>scripts/ranger_tagsync.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <configuration-dependencies>
+ <config-type>ranger-tagsync-site</config-type>
+ <config-type>tagsync-application-properties</config-type>
+ <config-type>ranger-tagsync-policymgr-ssl</config-type>
+ <config-type>atlas-tagsync-ssl</config-type>
+ </configuration-dependencies>
+ </component>
+
+ <component>
+ <name>RANGER_USERSYNC</name>
+ <displayName>Ranger Usersync</displayName>
+ <category>MASTER</category>
+ <cardinality>1</cardinality>
+ <versionAdvertised>true</versionAdvertised>
+ <auto-deploy>
+ <enabled>true</enabled>
+ <co-locate>RANGER/RANGER_ADMIN</co-locate>
+ </auto-deploy>
+ <commandScript>
+ <script>scripts/ranger_usersync.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>600</timeout>
+ </commandScript>
+ <logs>
+ <log>
+ <logId>ranger_usersync</logId>
+ <primary>true</primary>
+ </log>
+ </logs>
+ </component>
+
+ </components>
+ <configuration-dependencies>
+ <config-type>admin-properties</config-type>
+ <config-type>ranger-admin-site</config-type>
+ <config-type>ranger-ugsync-site</config-type>
+ <config-type>admin-log4j</config-type>
+ <config-type>usersync-log4j</config-type>
+ <config-type>ranger-solr-configuration</config-type>
+ </configuration-dependencies>
+
+ <commandScript>
+ <script>scripts/service_check.py</script>
+ <scriptType>PYTHON</scriptType>
+ <timeout>300</timeout>
+ </commandScript>
+
+ <themes>
+ <theme>
+ <fileName>theme_version_1.json</fileName>
+ <default>true</default>
+ </theme>
+ </themes>
+
+ <osSpecifics>
+ <osSpecific>
+ <osFamily>redhat7,amazon2015,redhat6,suse11,suse12</osFamily>
+ <packages>
+ <package>
+ <name>ranger_${stack_version}-admin</name>
+ </package>
+ <package>
+ <name>ranger_${stack_version}-usersync</name>
+ </package>
+ <package>
+ <name>ranger_${stack_version}-tagsync</name>
+ <condition>should_install_ranger_tagsync</condition>
+ </package>
+ <package>
+ <name>ambari-infra-solr-client</name>
+ <condition>should_install_infra_solr_client</condition>
+ </package>
+ </packages>
+ </osSpecific>
+ <osSpecific>
+ <osFamily>debian7,ubuntu12,ubuntu14,ubuntu16</osFamily>
+ <packages>
+ <package>
+ <name>ranger-${stack_version}-admin</name>
+ </package>
+ <package>
+ <name>ranger-${stack_version}-usersync</name>
+ </package>
+ <package>
+ <name>ranger-${stack_version}-tagsync</name>
+ <condition>should_install_ranger_tagsync</condition>
+ </package>
+ <package>
+ <name>ambari-infra-solr-client</name>
+ <condition>should_install_infra_solr_client</condition>
+ </package>
+ </packages>
+ </osSpecific>
+ </osSpecifics>
+
+ <quickLinksConfigurations>
+ <quickLinksConfiguration>
+ <fileName>quicklinks.json</fileName>
+ <default>true</default>
+ </quickLinksConfiguration>
+ </quickLinksConfigurations>
+
+ </service>
+ </services>
+</metainfo>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
new file mode 100644
index 0000000..8ea8070
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/alerts/alert_ranger_admin_passwd_check.py
@@ -0,0 +1,195 @@
+#!/usr/bin/env python
+
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+"""
+
+import base64
+import urllib2
+import ambari_simplejson as json # simplejson is much faster comparing to Python 2.6 json module and has the same functions set.
+import logging
+from resource_management.core.environment import Environment
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions import StackFeature
+
+logger = logging.getLogger()
+RANGER_ADMIN_URL = '{{admin-properties/policymgr_external_url}}'
+ADMIN_USERNAME = '{{ranger-env/admin_username}}'
+ADMIN_PASSWORD = '{{ranger-env/admin_password}}'
+RANGER_ADMIN_USERNAME = '{{ranger-env/ranger_admin_username}}'
+RANGER_ADMIN_PASSWORD = '{{ranger-env/ranger_admin_password}}'
+SECURITY_ENABLED = '{{cluster-env/security_enabled}}'
+
+def get_tokens():
+ """
+ Returns a tuple of tokens in the format {{site/property}} that will be used
+ to build the dictionary passed into execute
+
+ :return tuple
+ """
+ return (RANGER_ADMIN_URL, ADMIN_USERNAME, ADMIN_PASSWORD, RANGER_ADMIN_USERNAME, RANGER_ADMIN_PASSWORD, SECURITY_ENABLED)
+
+
+def execute(configurations={}, parameters={}, host_name=None):
+ """
+ Returns a tuple containing the result code and a pre-formatted result label
+
+ Keyword arguments:
+ configurations (dictionary): a mapping of configuration key to value
+ parameters (dictionary): a mapping of script parameter key to value
+ host_name (string): the name of this host where the alert is running
+ """
+
+ if configurations is None:
+ return (('UNKNOWN', ['There were no configurations supplied to the script.']))
+
+ ranger_link = None
+ ranger_auth_link = None
+ ranger_get_user = None
+ admin_username = None
+ admin_password = None
+ ranger_admin_username = None
+ ranger_admin_password = None
+ security_enabled = False
+
+ stack_version_formatted = Script.get_stack_version()
+ stack_supports_ranger_kerberos = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, stack_version_formatted)
+
+ if RANGER_ADMIN_URL in configurations:
+ ranger_link = configurations[RANGER_ADMIN_URL]
+ if ranger_link.endswith('/'):
+ ranger_link = ranger_link[:-1]
+ ranger_auth_link = '{0}/{1}'.format(ranger_link, 'service/public/api/repository/count')
+ ranger_get_user = '{0}/{1}'.format(ranger_link, 'service/xusers/users')
+
+ if ADMIN_USERNAME in configurations:
+ admin_username = configurations[ADMIN_USERNAME]
+
+ if ADMIN_PASSWORD in configurations:
+ admin_password = configurations[ADMIN_PASSWORD]
+
+ if RANGER_ADMIN_USERNAME in configurations:
+ ranger_admin_username = configurations[RANGER_ADMIN_USERNAME]
+
+ if RANGER_ADMIN_PASSWORD in configurations:
+ ranger_admin_password = configurations[RANGER_ADMIN_PASSWORD]
+
+ if SECURITY_ENABLED in configurations:
+ security_enabled = str(configurations[SECURITY_ENABLED]).upper() == 'TRUE'
+
+ label = None
+ result_code = 'OK'
+
+ try:
+ if security_enabled and stack_supports_ranger_kerberos:
+ result_code = 'UNKNOWN'
+ label = 'This alert will get skipped for Ranger Admin on kerberos env'
+ else:
+ admin_http_code = check_ranger_login(ranger_auth_link, admin_username, admin_password)
+ if admin_http_code == 200:
+ get_user_code = get_ranger_user(ranger_get_user, admin_username, admin_password, ranger_admin_username)
+ if get_user_code:
+ user_http_code = check_ranger_login(ranger_auth_link, ranger_admin_username, ranger_admin_password)
+ if user_http_code == 200:
+ result_code = 'OK'
+ label = 'Login Successful for users {0} and {1}'.format(admin_username, ranger_admin_username)
+ elif user_http_code == 401:
+ result_code = 'CRITICAL'
+ label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(ranger_admin_username)
+ else:
+ result_code = 'WARNING'
+ label = 'Ranger Admin service is not reachable, please restart the service'
+ else:
+ result_code = 'OK'
+ label = 'Login Successful for user: {0}. User:{1} user not yet synced with Ranger'.format(admin_username, ranger_admin_username)
+ elif admin_http_code == 401:
+ result_code = 'CRITICAL'
+ label = 'User:{0} credentials on Ambari UI are not in sync with Ranger'.format(admin_username)
+ else:
+ result_code = 'WARNING'
+ label = 'Ranger Admin service is not reachable, please restart the service'
+
+ except Exception, e:
+ label = str(e)
+ result_code = 'UNKNOWN'
+ logger.exception(label)
+
+ return ((result_code, [label]))
+
+def check_ranger_login(ranger_auth_link, username, password):
+ """
+ params ranger_auth_link: ranger login url
+ params username: user credentials
+ params password: user credentials
+
+ return response code
+ """
+ try:
+ usernamepassword = '{0}:{1}'.format(username, password)
+ base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
+ request = urllib2.Request(ranger_auth_link)
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base_64_string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ if response_code == 200:
+ response = json.loads(result.read())
+ return response_code
+ except urllib2.HTTPError, e:
+ logger.exception("Error during Ranger service authentication. Http status code - {0}. {1}".format(e.code, e.read()))
+ return e.code
+ except urllib2.URLError, e:
+ logger.exception("Error during Ranger service authentication. {0}".format(e.reason))
+ return None
+ except Exception, e:
+ return 401
+
+def get_ranger_user(ranger_get_user, username, password, user):
+ """
+ params ranger_get_user: ranger get user url
+ params username: user credentials
+ params password: user credentials
+ params user: user to be search
+ return Boolean if user exist or not
+ """
+ try:
+ url = '{0}?name={1}'.format(ranger_get_user, user)
+ usernamepassword = '{0}:{1}'.format(username, password)
+ base_64_string = base64.encodestring(usernamepassword).replace('\n', '')
+ request = urllib2.Request(url)
+ request.add_header("Content-Type", "application/json")
+ request.add_header("Accept", "application/json")
+ request.add_header("Authorization", "Basic {0}".format(base_64_string))
+ result = urllib2.urlopen(request, timeout=20)
+ response_code = result.getcode()
+ response = json.loads(result.read())
+ if response_code == 200 and len(response['vXUsers']) > 0:
+ for xuser in response['vXUsers']:
+ if xuser['name'] == user:
+ return True
+ else:
+ return False
+ except urllib2.HTTPError, e:
+ logger.exception("Error getting user from Ranger service. Http status code - {0}. {1}".format(e.code, e.read()))
+ return False
+ except urllib2.URLError, e:
+ logger.exception("Error getting user from Ranger service. {0}".format(e.reason))
+ return False
+ except Exception, e:
+ return False
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/params.py
new file mode 100644
index 0000000..e121ccb
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/params.py
@@ -0,0 +1,449 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+import os
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions.version import format_stack_version
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.default import default
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.constants import Direction
+from resource_management.libraries.functions.stack_features import check_stack_feature
+from resource_management.libraries.functions.stack_features import get_stack_feature_version
+from resource_management.libraries.functions import StackFeature
+from resource_management.libraries.functions.get_bare_principal import get_bare_principal
+
+# a map of the Ambari role to the component name
+# for use with <stack-root>/current/<component>
+SERVER_ROLE_DIRECTORY_MAP = {
+ 'RANGER_ADMIN' : 'ranger-admin',
+ 'RANGER_USERSYNC' : 'ranger-usersync',
+ 'RANGER_TAGSYNC' : 'ranger-tagsync'
+}
+
+component_directory = Script.get_component_from_role(SERVER_ROLE_DIRECTORY_MAP, "RANGER_ADMIN")
+
+config = Script.get_config()
+tmp_dir = Script.get_tmp_dir()
+stack_root = Script.get_stack_root()
+
+stack_name = default("/hostLevelParams/stack_name", None)
+version = default("/commandParams/version", None)
+
+stack_version_unformatted = config['hostLevelParams']['stack_version']
+stack_version_formatted = format_stack_version(stack_version_unformatted)
+
+upgrade_marker_file = format("{tmp_dir}/rangeradmin_ru.inprogress")
+
+xml_configurations_supported = config['configurations']['ranger-env']['xml_configurations_supported']
+
+create_db_dbuser = config['configurations']['ranger-env']['create_db_dbuser']
+
+# get the correct version to use for checking stack features
+version_for_stack_feature_checks = get_stack_feature_version(config)
+
+stack_supports_rolling_upgrade = check_stack_feature(StackFeature.ROLLING_UPGRADE, version_for_stack_feature_checks)
+stack_supports_config_versioning = check_stack_feature(StackFeature.CONFIG_VERSIONING, version_for_stack_feature_checks)
+stack_supports_usersync_non_root = check_stack_feature(StackFeature.RANGER_USERSYNC_NON_ROOT, version_for_stack_feature_checks)
+stack_supports_ranger_tagsync = check_stack_feature(StackFeature.RANGER_TAGSYNC_COMPONENT, version_for_stack_feature_checks)
+stack_supports_ranger_audit_db = check_stack_feature(StackFeature.RANGER_AUDIT_DB_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_log4j = check_stack_feature(StackFeature.RANGER_LOG4J_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_kerberos = check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, version_for_stack_feature_checks)
+stack_supports_usersync_passwd = check_stack_feature(StackFeature.RANGER_USERSYNC_PASSWORD_JCEKS, version_for_stack_feature_checks)
+stack_supports_infra_client = check_stack_feature(StackFeature.RANGER_INSTALL_INFRA_CLIENT, version_for_stack_feature_checks)
+stack_supports_pid = check_stack_feature(StackFeature.RANGER_PID_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_admin_password_change = check_stack_feature(StackFeature.RANGER_ADMIN_PASSWD_CHANGE, version_for_stack_feature_checks)
+stack_supports_ranger_setup_db_on_start = check_stack_feature(StackFeature.RANGER_SETUP_DB_ON_START, version_for_stack_feature_checks)
+stack_supports_ranger_tagsync_ssl_xml_support = check_stack_feature(StackFeature.RANGER_TAGSYNC_SSL_XML_SUPPORT, version_for_stack_feature_checks)
+stack_supports_ranger_solr_configs = check_stack_feature(StackFeature.RANGER_SOLR_CONFIG_SUPPORT, version_for_stack_feature_checks)
+stack_supports_secure_ssl_password = check_stack_feature(StackFeature.SECURE_RANGER_SSL_PASSWORD, version_for_stack_feature_checks)
+
+downgrade_from_version = default("/commandParams/downgrade_from_version", None)
+upgrade_direction = default("/commandParams/upgrade_direction", None)
+
+ranger_conf = '/etc/ranger/admin/conf'
+ranger_ugsync_conf = '/etc/ranger/usersync/conf'
+ranger_tagsync_home = format('{stack_root}/current/ranger-tagsync')
+ranger_tagsync_conf = format('{stack_root}/current/ranger-tagsync/conf')
+tagsync_bin = '/usr/bin/ranger-tagsync'
+tagsync_services_file = format('{stack_root}/current/ranger-tagsync/ranger-tagsync-services.sh')
+security_store_path = '/etc/security/serverKeys'
+tagsync_etc_path = '/etc/ranger/tagsync/'
+ranger_tagsync_credential_file= os.path.join(tagsync_etc_path,'rangercred.jceks')
+atlas_tagsync_credential_file= os.path.join(tagsync_etc_path,'atlascred.jceks')
+ranger_tagsync_keystore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']
+ranger_tagsync_truststore_password = config['configurations']['ranger-tagsync-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']
+atlas_tagsync_keystore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.keystore.password']
+atlas_tagsync_truststore_password = config['configurations']['atlas-tagsync-ssl']['xasecure.policymgr.clientssl.truststore.password']
+
+if upgrade_direction == Direction.DOWNGRADE and version and not check_stack_feature(StackFeature.CONFIG_VERSIONING, version):
+ stack_supports_rolling_upgrade = True
+ stack_supports_config_versioning = False
+
+if upgrade_direction == Direction.DOWNGRADE and version and not check_stack_feature(StackFeature.RANGER_USERSYNC_NON_ROOT, version):
+ stack_supports_usersync_non_root = False
+
+if stack_supports_rolling_upgrade:
+ ranger_home = format('{stack_root}/current/ranger-admin')
+ ranger_conf = '/etc/ranger/admin/conf'
+ ranger_stop = '/usr/bin/ranger-admin-stop'
+ ranger_start = '/usr/bin/ranger-admin-start'
+ usersync_home = format('{stack_root}/current/ranger-usersync')
+ usersync_start = '/usr/bin/ranger-usersync-start'
+ usersync_stop = '/usr/bin/ranger-usersync-stop'
+ ranger_ugsync_conf = '/etc/ranger/usersync/conf'
+
+if stack_supports_config_versioning:
+ ranger_conf = format('{stack_root}/current/ranger-admin/conf')
+ ranger_ugsync_conf = format('{stack_root}/current/ranger-usersync/conf')
+
+if stack_supports_ranger_tagsync:
+ ranger_tagsync_home = format('{stack_root}/current/ranger-tagsync')
+ tagsync_bin = '/usr/bin/ranger-tagsync'
+ ranger_tagsync_conf = format('{stack_root}/current/ranger-tagsync/conf')
+ tagsync_services_file = format('{stack_root}/current/ranger-tagsync/ranger-tagsync-services.sh')
+
+usersync_services_file = format('{stack_root}/current/ranger-usersync/ranger-usersync-services.sh')
+
+java_home = config['hostLevelParams']['java_home']
+unix_user = config['configurations']['ranger-env']['ranger_user']
+unix_group = config['configurations']['ranger-env']['ranger_group']
+ranger_pid_dir = default("/configurations/ranger-env/ranger_pid_dir", "/var/run/ranger")
+usersync_log_dir = default("/configurations/ranger-env/ranger_usersync_log_dir", "/var/log/ranger/usersync")
+admin_log_dir = default("/configurations/ranger-env/ranger_admin_log_dir", "/var/log/ranger/admin")
+ranger_admin_default_file = format('{ranger_conf}/ranger-admin-default-site.xml')
+security_app_context_file = format('{ranger_conf}/security-applicationContext.xml')
+ranger_ugsync_default_file = format('{ranger_ugsync_conf}/ranger-ugsync-default.xml')
+usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.xml')
+if stack_supports_ranger_log4j:
+ usgsync_log4j_file = format('{ranger_ugsync_conf}/log4j.properties')
+cred_validator_file = format('{usersync_home}/native/credValidator.uexe')
+
+ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0]
+
+db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower()
+usersync_exturl = config['configurations']['admin-properties']['policymgr_external_url']
+if usersync_exturl.endswith('/'):
+ usersync_exturl = usersync_exturl.rstrip('/')
+ranger_host = config['clusterHostInfo']['ranger_admin_hosts'][0]
+ugsync_host = 'localhost'
+usersync_host_info = config['clusterHostInfo']['ranger_usersync_hosts']
+if not is_empty(usersync_host_info) and len(usersync_host_info) > 0:
+ ugsync_host = config['clusterHostInfo']['ranger_usersync_hosts'][0]
+ranger_external_url = config['configurations']['admin-properties']['policymgr_external_url']
+if ranger_external_url.endswith('/'):
+ ranger_external_url = ranger_external_url.rstrip('/')
+ranger_db_name = config['configurations']['admin-properties']['db_name']
+ranger_auditdb_name = default('/configurations/admin-properties/audit_db_name', 'ranger_audits')
+
+sql_command_invoker = config['configurations']['admin-properties']['SQL_COMMAND_INVOKER']
+db_root_user = config['configurations']['admin-properties']['db_root_user']
+db_root_password = unicode(config['configurations']['admin-properties']['db_root_password'])
+db_host = config['configurations']['admin-properties']['db_host']
+ranger_db_user = config['configurations']['admin-properties']['db_user']
+ranger_audit_db_user = default('/configurations/admin-properties/audit_db_user', 'rangerlogger')
+ranger_db_password = unicode(config['configurations']['admin-properties']['db_password'])
+
+#ranger-env properties
+oracle_home = default("/configurations/ranger-env/oracle_home", "-")
+
+#For curl command in ranger to get db connector
+jdk_location = config['hostLevelParams']['jdk_location']
+java_share_dir = '/usr/share/java'
+jdbc_jar_name = None
+previous_jdbc_jar_name = None
+if db_flavor.lower() == 'mysql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mysql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mysql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:mysql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform"
+elif db_flavor.lower() == 'oracle':
+ jdbc_jar_name = default("/hostLevelParams/custom_oracle_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_oracle_jdbc_name", None)
+ jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform"
+ colon_count = db_host.count(':')
+ if colon_count == 2 or colon_count == 0:
+ audit_jdbc_url = format('jdbc:oracle:thin:@{db_host}') if stack_supports_ranger_audit_db else None
+ else:
+ audit_jdbc_url = format('jdbc:oracle:thin:@//{db_host}') if stack_supports_ranger_audit_db else None
+elif db_flavor.lower() == 'postgres':
+ jdbc_jar_name = default("/hostLevelParams/custom_postgres_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_postgres_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:postgresql://{db_host}/{ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform"
+elif db_flavor.lower() == 'mssql':
+ jdbc_jar_name = default("/hostLevelParams/custom_mssql_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_mssql_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={ranger_auditdb_name}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform"
+elif db_flavor.lower() == 'sqla':
+ jdbc_jar_name = default("/hostLevelParams/custom_sqlanywhere_jdbc_name", None)
+ previous_jdbc_jar_name = default("/hostLevelParams/previous_custom_sqlanywhere_jdbc_name", None)
+ audit_jdbc_url = format('jdbc:sqlanywhere:database={ranger_auditdb_name};host={db_host}') if stack_supports_ranger_audit_db else None
+ jdbc_dialect = "org.eclipse.persistence.platform.database.SQLAnywherePlatform"
+
+downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}")
+
+driver_curl_source = format("{jdk_location}/{jdbc_jar_name}")
+driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}")
+previous_jdbc_jar = format("{java_share_dir}/{previous_jdbc_jar_name}")
+if stack_supports_config_versioning:
+ driver_curl_target = format("{ranger_home}/ews/lib/{jdbc_jar_name}")
+ previous_jdbc_jar = format("{ranger_home}/ews/lib/{previous_jdbc_jar_name}")
+
+if db_flavor.lower() == 'sqla':
+ downloaded_custom_connector = format("{tmp_dir}/sqla-client-jdbc.tar.gz")
+ jar_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/java/sajdbc4.jar")
+ libs_path_in_archive = format("{tmp_dir}/sqla-client-jdbc/native/lib64/*")
+ jdbc_libs_dir = format("{ranger_home}/native/lib64")
+ ld_lib_path = format("{jdbc_libs_dir}")
+
+#for db connection
+check_db_connection_jar_name = "DBConnectionVerification.jar"
+check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}")
+ranger_jdbc_connection_url = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.url"]
+ranger_jdbc_driver = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.driver"]
+
+ranger_credential_provider_path = config["configurations"]["ranger-admin-site"]["ranger.credential.provider.path"]
+ranger_jpa_jdbc_credential_alias = config["configurations"]["ranger-admin-site"]["ranger.jpa.jdbc.credential.alias"]
+ranger_ambari_db_password = unicode(config["configurations"]["admin-properties"]["db_password"])
+
+ranger_jpa_audit_jdbc_credential_alias = default('/configurations/ranger-admin-site/ranger.jpa.audit.jdbc.credential.alias', 'rangeraudit')
+ranger_ambari_audit_db_password = ''
+if not is_empty(config["configurations"]["admin-properties"]["audit_db_password"]) and stack_supports_ranger_audit_db:
+ ranger_ambari_audit_db_password = unicode(config["configurations"]["admin-properties"]["audit_db_password"])
+
+ugsync_jceks_path = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.credstore.filename"]
+ugsync_cred_lib = os.path.join(usersync_home,"lib","*")
+cred_lib_path = os.path.join(ranger_home,"cred","lib","*")
+cred_setup_prefix = (format('{ranger_home}/ranger_credential_helper.py'), '-l', cred_lib_path)
+ranger_audit_source_type = config["configurations"]["ranger-admin-site"]["ranger.audit.source.type"]
+
+ranger_usersync_keystore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.password"])
+ranger_usersync_ldap_ldapbindpassword = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.ldapbindpassword"])
+ranger_usersync_truststore_password = unicode(config["configurations"]["ranger-ugsync-site"]["ranger.usersync.truststore.password"])
+ranger_usersync_keystore_file = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.keystore.file"]
+default_dn_name = 'cn=unixauthservice,ou=authenticator,o=mycompany,c=US'
+
+ranger_admin_hosts = config['clusterHostInfo']['ranger_admin_hosts']
+is_ranger_ha_enabled = True if len(ranger_admin_hosts) > 1 else False
+ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.url"]
+ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
+ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
+ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
+ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
+ug_sync_source = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.source.impl.class"]
+current_host = config['hostname']
+if current_host in ranger_admin_hosts:
+ ranger_host = current_host
+
+# ranger-tagsync
+ranger_tagsync_hosts = default("/clusterHostInfo/ranger_tagsync_hosts", [])
+has_ranger_tagsync = len(ranger_tagsync_hosts) > 0
+
+tagsync_log_dir = default("/configurations/ranger-tagsync-site/ranger.tagsync.logdir", "/var/log/ranger/tagsync")
+tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.keystore.filename"]
+atlas_tagsync_jceks_path = config["configurations"]["ranger-tagsync-site"]["ranger.tagsync.source.atlasrest.keystore.filename"]
+tagsync_application_properties = dict(config["configurations"]["tagsync-application-properties"]) if has_ranger_tagsync else None
+tagsync_pid_file = format('{ranger_pid_dir}/tagsync.pid')
+tagsync_cred_lib = os.path.join(ranger_tagsync_home, "lib", "*")
+
+ranger_usersync_log_maxfilesize = default('/configurations/usersync-log4j/ranger_usersync_log_maxfilesize',256)
+ranger_usersync_log_maxbackupindex = default('/configurations/usersync-log4j/ranger_usersync_log_maxbackupindex',20)
+ranger_tagsync_log_maxfilesize = default('/configurations/tagsync-log4j/ranger_tagsync_log_maxfilesize',256)
+ranger_tagsync_log_number_of_backup_files = default('/configurations/tagsync-log4j/ranger_tagsync_log_number_of_backup_files',20)
+ranger_xa_log_maxfilesize = default('/configurations/admin-log4j/ranger_xa_log_maxfilesize',256)
+ranger_xa_log_maxbackupindex = default('/configurations/admin-log4j/ranger_xa_log_maxbackupindex',20)
+
+# ranger log4j.properties
+admin_log4j = config['configurations']['admin-log4j']['content']
+usersync_log4j = config['configurations']['usersync-log4j']['content']
+tagsync_log4j = config['configurations']['tagsync-log4j']['content']
+
+# ranger kerberos
+security_enabled = config['configurations']['cluster-env']['security_enabled']
+namenode_hosts = default("/clusterHostInfo/namenode_host", [])
+has_namenode = len(namenode_hosts) > 0
+
+ugsync_policymgr_alias = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.alias"]
+ugsync_policymgr_keystore = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.policymgr.keystore"]
+
+# ranger solr
+audit_solr_enabled = default('/configurations/ranger-env/xasecure.audit.destination.solr', False)
+ranger_solr_config_set = config['configurations']['ranger-env']['ranger_solr_config_set']
+ranger_solr_collection_name = config['configurations']['ranger-env']['ranger_solr_collection_name']
+ranger_solr_shards = config['configurations']['ranger-env']['ranger_solr_shards']
+replication_factor = config['configurations']['ranger-env']['ranger_solr_replication_factor']
+ranger_solr_conf = format('{ranger_home}/contrib/solr_for_audit_setup/conf')
+infra_solr_hosts = default("/clusterHostInfo/infra_solr_hosts", [])
+has_infra_solr = len(infra_solr_hosts) > 0
+is_solrCloud_enabled = default('/configurations/ranger-env/is_solrCloud_enabled', False)
+is_external_solrCloud_enabled = default('/configurations/ranger-env/is_external_solrCloud_enabled', False)
+solr_znode = '/ranger_audits'
+if stack_supports_infra_client and is_solrCloud_enabled:
+ solr_znode = default('/configurations/ranger-admin-site/ranger.audit.solr.zookeepers', 'NONE')
+ if solr_znode != '' and solr_znode.upper() != 'NONE':
+ solr_znode = solr_znode.split('/')
+ if len(solr_znode) > 1 and len(solr_znode) == 2:
+ solr_znode = solr_znode[1]
+ solr_znode = format('/{solr_znode}')
+ if has_infra_solr and not is_external_solrCloud_enabled:
+ solr_znode = config['configurations']['infra-solr-env']['infra_solr_znode']
+solr_user = unix_user
+if has_infra_solr and not is_external_solrCloud_enabled:
+ solr_user = default('/configurations/infra-solr-env/infra_solr_user', unix_user)
+ infra_solr_role_ranger_admin = default('configurations/infra-solr-security-json/infra_solr_role_ranger_admin', 'ranger_user')
+ infra_solr_role_ranger_audit = default('configurations/infra-solr-security-json/infra_solr_role_ranger_audit', 'ranger_audit_user')
+ infra_solr_role_dev = default('configurations/infra-solr-security-json/infra_solr_role_dev', 'dev')
+custom_log4j = has_infra_solr and not is_external_solrCloud_enabled
+
+ranger_audit_max_retention_days = config['configurations']['ranger-solr-configuration']['ranger_audit_max_retention_days']
+ranger_audit_logs_merge_factor = config['configurations']['ranger-solr-configuration']['ranger_audit_logs_merge_factor']
+ranger_solr_config_content = config['configurations']['ranger-solr-configuration']['content']
+
+# get comma separated list of zookeeper hosts
+zookeeper_port = default('/configurations/zoo.cfg/clientPort', None)
+zookeeper_hosts = default("/clusterHostInfo/zookeeper_hosts", [])
+index = 0
+zookeeper_quorum = ""
+for host in zookeeper_hosts:
+ zookeeper_quorum += host + ":" + str(zookeeper_port)
+ index += 1
+ if index < len(zookeeper_hosts):
+ zookeeper_quorum += ","
+
+# solr kerberised
+solr_jaas_file = None
+is_external_solrCloud_kerberos = default('/configurations/ranger-env/is_external_solrCloud_kerberos', False)
+
+if security_enabled:
+ if has_ranger_tagsync:
+ ranger_tagsync_principal = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.principal']
+ if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '':
+ tagsync_jaas_principal = ranger_tagsync_principal.replace('_HOST', current_host.lower())
+ tagsync_keytab_path = config['configurations']['ranger-tagsync-site']['ranger.tagsync.kerberos.keytab']
+
+ if stack_supports_ranger_kerberos:
+ ranger_admin_keytab = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.keytab']
+ ranger_admin_principal = config['configurations']['ranger-admin-site']['ranger.admin.kerberos.principal']
+ if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
+ ranger_admin_jaas_principal = ranger_admin_principal.replace('_HOST', ranger_host.lower())
+ if stack_supports_infra_client and is_solrCloud_enabled and is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
+ solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
+ solr_kerberos_principal = ranger_admin_jaas_principal
+ solr_kerberos_keytab = ranger_admin_keytab
+ if stack_supports_infra_client and is_solrCloud_enabled and not is_external_solrCloud_enabled and not is_external_solrCloud_kerberos:
+ solr_jaas_file = format('{ranger_home}/conf/ranger_solr_jaas.conf')
+ solr_kerberos_principal = ranger_admin_jaas_principal
+ solr_kerberos_keytab = ranger_admin_keytab
+
+# logic to create core-site.xml if hdfs not installed
+if stack_supports_ranger_kerberos and not has_namenode:
+ core_site_property = {
+ 'hadoop.security.authentication': 'kerberos' if security_enabled else 'simple'
+ }
+
+ if security_enabled:
+ realm = 'EXAMPLE.COM'
+ ranger_admin_bare_principal = 'rangeradmin'
+ ranger_usersync_bare_principal = 'rangerusersync'
+ ranger_tagsync_bare_principal = 'rangertagsync'
+
+ ranger_usersync_principal = config['configurations']['ranger-ugsync-site']['ranger.usersync.kerberos.principal']
+ if not is_empty(ranger_admin_principal) and ranger_admin_principal != '':
+ ranger_admin_bare_principal = get_bare_principal(ranger_admin_principal)
+ if not is_empty(ranger_usersync_principal) and ranger_usersync_principal != '':
+ ranger_usersync_bare_principal = get_bare_principal(ranger_usersync_principal)
+ realm = config['configurations']['kerberos-env']['realm']
+
+ rule_dict = [
+ {'principal': ranger_admin_bare_principal, 'user': unix_user},
+ {'principal': ranger_usersync_bare_principal, 'user': 'rangerusersync'},
+ ]
+
+ if has_ranger_tagsync:
+ if not is_empty(ranger_tagsync_principal) and ranger_tagsync_principal != '':
+ ranger_tagsync_bare_principal = get_bare_principal(ranger_tagsync_principal)
+ rule_dict.append({'principal': ranger_tagsync_bare_principal, 'user': 'rangertagsync'})
+
+ core_site_auth_to_local_property = ''
+ for item in range(len(rule_dict)):
+ rule_line = 'RULE:[2:$1@$0]({0}@{1})s/.*/{2}/\n'.format(rule_dict[item]['principal'], realm, rule_dict[item]['user'])
+ core_site_auth_to_local_property = rule_line + core_site_auth_to_local_property
+
+ core_site_auth_to_local_property = core_site_auth_to_local_property + 'DEFAULT'
+ core_site_property['hadoop.security.auth_to_local'] = core_site_auth_to_local_property
+
+upgrade_type = Script.get_upgrade_type(default("/commandParams/upgrade_type", ""))
+
+# ranger service pid
+user_group = config['configurations']['cluster-env']['user_group']
+ranger_admin_pid_file = format('{ranger_pid_dir}/rangeradmin.pid')
+ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid')
+
+# admin credential
+admin_username = config['configurations']['ranger-env']['admin_username']
+admin_password = config['configurations']['ranger-env']['admin_password']
+default_admin_password = 'admin'
+
+ranger_is_solr_kerberised = "false"
+if audit_solr_enabled and is_solrCloud_enabled:
+ # Check internal solrCloud
+ if security_enabled and not is_external_solrCloud_enabled:
+ ranger_is_solr_kerberised = "true"
+ # Check external solrCloud
+ if is_external_solrCloud_enabled and is_external_solrCloud_kerberos:
+ ranger_is_solr_kerberised = "true"
+
+hbase_master_hosts = default("/clusterHostInfo/hbase_master_hosts", [])
+is_hbase_ha_enabled = True if len(hbase_master_hosts) > 1 else False
+is_namenode_ha_enabled = True if len(namenode_hosts) > 1 else False
+ranger_hbase_plugin_enabled = False
+ranger_hdfs_plugin_enabled = False
+
+
+if is_hbase_ha_enabled:
+ if not is_empty(config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled']):
+ ranger_hbase_plugin_enabled = config['configurations']['ranger-hbase-plugin-properties']['ranger-hbase-plugin-enabled'].lower() == 'yes'
+if is_namenode_ha_enabled:
+ if not is_empty(config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled']):
+ ranger_hdfs_plugin_enabled = config['configurations']['ranger-hdfs-plugin-properties']['ranger-hdfs-plugin-enabled'].lower() == 'yes'
+
+ranger_admin_password_properties = ['ranger.jpa.jdbc.password', 'ranger.jpa.audit.jdbc.password', 'ranger.ldap.bind.password', 'ranger.ldap.ad.bind.password']
+ranger_usersync_password_properties = ['ranger.usersync.ldap.ldapbindpassword']
+ranger_tagsync_password_properties = ['xasecure.policymgr.clientssl.keystore.password', 'xasecure.policymgr.clientssl.truststore.password']
+if stack_supports_secure_ssl_password:
+ ranger_admin_password_properties.extend(['ranger.service.https.attrib.keystore.pass', 'ranger.truststore.password'])
+ ranger_usersync_password_properties.extend(['ranger.usersync.keystore.password', 'ranger.usersync.truststore.password'])
+
+ranger_auth_method = config['configurations']['ranger-admin-site']['ranger.authentication.method']
+ranger_ldap_password_alias = default('/configurations/ranger-admin-site/ranger.ldap.binddn.credential.alias', 'ranger.ldap.bind.password')
+ranger_ad_password_alias = default('/configurations/ranger-admin-site/ranger.ldap.ad.binddn.credential.alias', 'ranger.ldap.ad.bind.password')
+ranger_https_keystore_alias = default('/configurations/ranger-admin-site/ranger.service.https.attrib.keystore.credential.alias', 'keyStoreCredentialAlias')
+ranger_truststore_alias = default('/configurations/ranger-admin-site/ranger.truststore.alias', 'trustStoreAlias')
+https_enabled = config['configurations']['ranger-admin-site']['ranger.service.https.attrib.ssl.enabled']
+http_enabled = config['configurations']['ranger-admin-site']['ranger.service.http.enabled']
+https_keystore_password = config['configurations']['ranger-admin-site']['ranger.service.https.attrib.keystore.pass']
+truststore_password = config['configurations']['ranger-admin-site']['ranger.truststore.password']
+
+# need this to capture cluster name for ranger tagsync
+cluster_name = config['clusterName']
+ranger_ldap_bind_auth_password = config['configurations']['ranger-admin-site']['ranger.ldap.bind.password']
+ranger_ad_bind_auth_password = config['configurations']['ranger-admin-site']['ranger.ldap.ad.bind.password']
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_admin.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_admin.py
new file mode 100644
index 0000000..bdf7661
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_admin.py
@@ -0,0 +1,210 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.core.exceptions import Fail
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.functions import stack_select
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions.constants import Direction
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from setup_ranger_xml import setup_ranger_audit_solr, setup_ranger_admin_passwd_change
+from resource_management.libraries.functions import solr_cloud_util
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+from setup_ranger_xml import ranger
+import upgrade
+import os, errno
+
+class RangerAdmin(Script):
+
+ def get_component_name(self):
+ return "ranger-admin"
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+ # call config and setup db only in case of stack version < 2.6
+ if not params.stack_supports_ranger_setup_db_on_start:
+ self.configure(env, setup_db=True)
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if params.stack_supports_rolling_upgrade and not params.stack_supports_config_versioning and os.path.isfile(format('{ranger_home}/ews/stop-ranger-admin.sh')):
+ File(format('{ranger_home}/ews/stop-ranger-admin.sh'),
+ owner=params.unix_user,
+ group = params.unix_group
+ )
+
+ Execute(format('{params.ranger_stop}'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
+ if params.stack_supports_pid:
+ File(params.ranger_admin_pid_file,
+ action = "delete"
+ )
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ upgrade.prestart(env, "ranger-admin")
+
+ self.set_ru_rangeradmin_in_progress(params.upgrade_marker_file)
+
+ def post_upgrade_restart(self,env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if os.path.isfile(params.upgrade_marker_file):
+ os.remove(params.upgrade_marker_file)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ # setup db only if in case stack version is > 2.6
+ self.configure(env, upgrade_type=upgrade_type, setup_db=params.stack_supports_ranger_setup_db_on_start)
+
+ if params.stack_supports_infra_client and params.audit_solr_enabled and params.is_solrCloud_enabled:
+ solr_cloud_util.setup_solr_client(params.config, custom_log4j = params.custom_log4j)
+ setup_ranger_audit_solr()
+
+ ranger_service('ranger_admin')
+
+ def status(self, env):
+ import status_params
+
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_admin_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+
+ if code != 0:
+ if self.is_ru_rangeradmin_in_progress(status_params.upgrade_marker_file):
+ Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
+ else:
+ Logger.debug('Ranger admin process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def configure(self, env, upgrade_type=None, setup_db=False):
+ import params
+ env.set_params(params)
+
+ # set up db if we are not upgrading and setup_db is true
+ if setup_db and upgrade_type is None:
+ from setup_ranger_xml import setup_ranger_db
+ setup_ranger_db()
+
+ ranger('ranger_admin', upgrade_type=upgrade_type)
+
+ # set up java patches if we are not upgrading and setup_db is true
+ if setup_db and upgrade_type is None:
+ from setup_ranger_xml import setup_java_patch
+ setup_java_patch()
+
+ if params.stack_supports_ranger_admin_password_change:
+ setup_ranger_admin_passwd_change()
+
+ def set_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ config_dir = os.path.dirname(upgrade_marker_file)
+ try:
+ msg = "Starting Upgrade"
+ if (not os.path.exists(config_dir)):
+ os.makedirs(config_dir)
+ ofp = open(upgrade_marker_file, 'w')
+ ofp.write(msg)
+ ofp.close()
+ except OSError as exc:
+ if exc.errno == errno.EEXIST and os.path.isdir(config_dir):
+ pass
+ else:
+ raise
+
+ def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ return os.path.isfile(upgrade_marker_file)
+
+ def setup_ranger_database(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+
+ if params.upgrade_direction == Direction.UPGRADE:
+ Logger.info(format('Setting Ranger database schema, using version {stack_version}'))
+
+ from setup_ranger_xml import setup_ranger_db
+ setup_ranger_db(stack_version=stack_version)
+
+ def setup_ranger_java_patches(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_version = upgrade_stack[1]
+
+ if params.upgrade_direction == Direction.UPGRADE:
+ Logger.info(format('Applying Ranger java patches, using version {stack_version}'))
+
+ from setup_ranger_xml import setup_java_patch
+ setup_java_patch(stack_version=stack_version)
+
+ def set_pre_start(self, env):
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_name = upgrade_stack[0]
+ stack_version = upgrade_stack[1]
+
+ stack_select.select("ranger-admin", stack_version)
+ conf_select.select(stack_name, "ranger-admin", stack_version)
+
+ def get_log_folder(self):
+ import params
+ return params.admin_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+if __name__ == "__main__":
+ RangerAdmin().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_service.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_service.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_service.py
new file mode 100644
index 0000000..a0ecfac
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_service.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.functions.format import format
+from resource_management.libraries.functions.show_logs import show_logs
+from resource_management.core.resources.system import Execute
+
+def ranger_service(name, action=None):
+ import params
+
+ env_dict = {'JAVA_HOME': params.java_home}
+ if params.db_flavor.lower() == 'sqla':
+ env_dict = {'JAVA_HOME': params.java_home, 'LD_LIBRARY_PATH': params.ld_lib_path}
+
+ if name == 'ranger_admin':
+ no_op_test = format('ps -ef | grep proc_rangeradmin | grep -v grep')
+ try:
+ Execute(params.ranger_start, environment=env_dict, user=params.unix_user, not_if=no_op_test)
+ except:
+ show_logs(params.admin_log_dir, params.unix_user)
+ raise
+ elif name == 'ranger_usersync':
+ no_op_test = format('ps -ef | grep proc_rangerusersync | grep -v grep')
+ if params.stack_supports_usersync_non_root:
+ try:
+ Execute(params.usersync_start,
+ environment=env_dict,
+ not_if=no_op_test,
+ user=params.unix_user
+ )
+ except:
+ show_logs(params.usersync_log_dir, params.unix_user)
+ raise
+ else:
+ # Usersync requires to be run as root for 2.2
+ Execute((params.usersync_start,),
+ environment={'JAVA_HOME': params.java_home},
+ not_if=no_op_test,
+ sudo=True
+ )
+ elif name == 'ranger_tagsync' and params.stack_supports_ranger_tagsync:
+ no_op_test = format('ps -ef | grep proc_rangertagsync | grep -v grep')
+ cmd = format('{tagsync_services_file} start')
+ try:
+ Execute(cmd,
+ environment=env_dict,
+ user=params.unix_user,
+ not_if=no_op_test
+ )
+ except:
+ show_logs(params.tagsync_log_dir, params.unix_user)
+ raise
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_tagsync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_tagsync.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_tagsync.py
new file mode 100644
index 0000000..c1e32ba
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_tagsync.py
@@ -0,0 +1,139 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.script import Script
+from resource_management.libraries.functions import conf_select
+from resource_management.libraries.functions import stack_select
+from resource_management.core.resources.system import Execute, File
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from setup_ranger_xml import ranger, ranger_credential_helper
+from resource_management.core.exceptions import Fail
+import upgrade
+
+class RangerTagsync(Script):
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ ranger_credential_helper(params.tagsync_cred_lib, 'tagadmin.user.password', 'rangertagsync', params.tagsync_jceks_path)
+ File(params.tagsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Stack support Atlas user for Tagsync, creating keystore for same.")
+ self.create_atlas_user_keystore(env)
+ else:
+ Logger.info("Stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
+ self.configure(env)
+
+ def configure(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+ ranger('ranger_tagsync', upgrade_type=upgrade_type)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ self.configure(env, upgrade_type=upgrade_type)
+ ranger_service('ranger_tagsync')
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ Execute(format('{tagsync_services_file} stop'), environment={'JAVA_HOME': params.java_home}, user=params.unix_user)
+ File(params.tagsync_pid_file,
+ action = "delete"
+ )
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ check_process_status(status_params.tagsync_pid_file)
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if params.stack_supports_ranger_tagsync:
+ Logger.info("Executing Ranger Tagsync Stack Upgrade pre-restart")
+ conf_select.select(params.stack_name, "ranger-tagsync", params.version)
+ stack_select.select("ranger-tagsync", params.version)
+
+ def get_component_name(self):
+ return "ranger-tagsync"
+
+ def get_log_folder(self):
+ import params
+ return params.tagsync_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+ def get_pid_files(self):
+ import status_params
+ return [status_params.tagsync_pid_file]
+
+ def configure_atlas_user_for_tagsync(self, env):
+ Logger.info("Configuring Atlas user for Tagsync service.")
+ import params
+ env.set_params(params)
+
+ upgrade_stack = stack_select._get_upgrade_stack()
+ if upgrade_stack is None:
+ raise Fail('Unable to determine the stack and stack version')
+
+ stack_name = upgrade_stack[0]
+ stack_version = upgrade_stack[1]
+
+ stack_select.select("ranger-tagsync", stack_version)
+ conf_select.select(stack_name, "ranger-tagsync", stack_version)
+ if params.stack_supports_ranger_tagsync_ssl_xml_support:
+ Logger.info("Upgrading Tagsync, stack support Atlas user for Tagsync, creating keystore for same.")
+ self.create_atlas_user_keystore(env)
+ else:
+ Logger.info("Upgrading Tagsync, stack does not support Atlas user for Tagsync, skipping keystore creation for same.")
+
+ Logger.info("Configuring Atlas user for Tagsync service done.")
+
+ def create_atlas_user_keystore(self,env):
+ import params
+ env.set_params(params)
+ ranger_credential_helper(params.tagsync_cred_lib, 'atlas.user.password', 'admin', params.atlas_tagsync_jceks_path)
+ File(params.atlas_tagsync_jceks_path,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+if __name__ == "__main__":
+ RangerTagsync().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_usersync.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_usersync.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_usersync.py
new file mode 100644
index 0000000..ca84528
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/ranger_usersync.py
@@ -0,0 +1,120 @@
+#!/usr/bin/env python
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+from resource_management.libraries.functions.check_process_status import check_process_status
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute, File
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+from resource_management.core import shell
+from ranger_service import ranger_service
+from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING
+from resource_management.libraries.functions.constants import Direction
+from setup_ranger_xml import ranger
+import upgrade
+import os
+
+class RangerUsersync(Script):
+
+ def install(self, env):
+ self.install_packages(env)
+ import params
+ env.set_params(params)
+
+ if params.stack_supports_usersync_passwd:
+ from setup_ranger_xml import ranger_credential_helper
+ ranger_credential_helper(params.ugsync_cred_lib, params.ugsync_policymgr_alias, 'rangerusersync', params.ugsync_policymgr_keystore)
+
+ File(params.ugsync_policymgr_keystore,
+ owner = params.unix_user,
+ group = params.unix_group,
+ mode = 0640
+ )
+
+ self.configure(env)
+
+ def configure(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ ranger('ranger_usersync', upgrade_type=upgrade_type)
+
+ def start(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ self.configure(env, upgrade_type=upgrade_type)
+ ranger_service('ranger_usersync')
+
+ def stop(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+
+ if upgrade_type == UPGRADE_TYPE_NON_ROLLING and params.upgrade_direction == Direction.UPGRADE:
+ if params.stack_supports_usersync_non_root and os.path.isfile(params.usersync_services_file):
+ File(params.usersync_services_file,
+ mode = 0755
+ )
+ Execute(('ln','-sf', format('{usersync_services_file}'),'/usr/bin/ranger-usersync'),
+ not_if=format("ls /usr/bin/ranger-usersync"),
+ only_if=format("ls {usersync_services_file}"),
+ sudo=True
+ )
+
+ Execute((params.usersync_stop,), environment={'JAVA_HOME': params.java_home}, sudo=True)
+ if params.stack_supports_pid:
+ File(params.ranger_usersync_pid_file,
+ action = "delete"
+ )
+
+ def status(self, env):
+ import status_params
+ env.set_params(status_params)
+
+ if status_params.stack_supports_pid:
+ check_process_status(status_params.ranger_usersync_pid_file)
+ return
+
+ cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep'
+ code, output = shell.call(cmd, timeout=20)
+
+ if code != 0:
+ Logger.debug('Ranger usersync process not running')
+ raise ComponentIsNotRunning()
+ pass
+
+ def pre_upgrade_restart(self, env, upgrade_type=None):
+ import params
+ env.set_params(params)
+ upgrade.prestart(env, "ranger-usersync")
+
+ def get_component_name(self):
+ return "ranger-usersync"
+
+ def get_log_folder(self):
+ import params
+ return params.usersync_log_dir
+
+ def get_user(self):
+ import params
+ return params.unix_user
+
+if __name__ == "__main__":
+ RangerUsersync().execute()
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/service_check.py
new file mode 100644
index 0000000..fb6af95
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/package/scripts/service_check.py
@@ -0,0 +1,49 @@
+"""
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+"""
+
+from resource_management.libraries.script import Script
+from resource_management.core.resources.system import Execute
+from resource_management.core.exceptions import ComponentIsNotRunning
+from resource_management.libraries.functions.format import format
+from resource_management.core.logger import Logger
+import os
+
+
+class RangerServiceCheck(Script):
+
+ def service_check(self, env):
+ import params
+
+ env.set_params(params)
+ self.check_ranger_admin_service(params.ranger_external_url, params.upgrade_marker_file)
+
+ def check_ranger_admin_service(self, ranger_external_url, upgrade_marker_file):
+ if (self.is_ru_rangeradmin_in_progress(upgrade_marker_file)):
+ Logger.info('Ranger admin process not running - skipping as stack upgrade is in progress')
+ else:
+ Execute(format("curl -s -o /dev/null -w'%{{http_code}}' --negotiate -u: -k {ranger_external_url}/login.jsp | grep 200"),
+ tries = 10,
+ try_sleep=3,
+ logoutput=True)
+
+ def is_ru_rangeradmin_in_progress(self, upgrade_marker_file):
+ return os.path.isfile(upgrade_marker_file)
+
+if __name__ == "__main__":
+ RangerServiceCheck().execute()