You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by mu...@apache.org on 2017/07/06 04:24:11 UTC
[10/17] ambari git commit: AMBARI-21058 HDP 3.0 - Changing common
service version for Ranger & Ranger Kms (mugdha)
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/atlas-tagsync-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/atlas-tagsync-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/atlas-tagsync-ssl.xml
new file mode 100644
index 0000000..d43c010
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/atlas-tagsync-ssl.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/security/serverKeys/atlas-tagsync-keystore.jks</value>
+ <description>Java Keystore files</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <property-type>PASSWORD</property-type>
+ <description>password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/security/serverKeys/atlas-tagsync-mytruststore.jks</value>
+ <description>java truststore file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>java truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file{{atlas_tagsync_credential_file}}</value>
+ <description>java keystore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file{{atlas_tagsync_credential_file}}</value>
+ <description>java truststore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-admin-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-admin-site.xml
new file mode 100644
index 0000000..e2b6c24
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-admin-site.xml
@@ -0,0 +1,751 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.service.host</name>
+ <value>{{ranger_host}}</value>
+ <description>Host where ranger service to be installed</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.http.enabled</name>
+ <value>true</value>
+ <display-name>HTTP enabled</display-name>
+ <description>Enable HTTP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.http.port</name>
+ <value>6080</value>
+ <description>HTTP port</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.port</name>
+ <value>6182</value>
+ <description>HTTPS port (if SSL is enabled)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.ssl.enabled</name>
+ <value>false</value>
+ <description>true/false, set to true if using SSL</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.clientAuth</name>
+ <value>want</value>
+ <description>Needs to be set to want for two way SSL</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.keyalias</name>
+ <value>rangeradmin</value>
+ <description>Alias for Ranger Admin key in keystore</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.pass</name>
+ <value>xasecure</value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.https.attrib.keystore.file</name>
+ <value>/etc/security/serverKeys/ranger-admin-keystore.jks</value>
+ <description>Ranger admin keystore (specify full path)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.externalurl</name>
+ <value>{{ranger_external_url}}</value>
+ <display-name>External URL</display-name>
+ <description>URL to be used by clients to access ranger admin</description>
+ <value-attributes>
+ <visible>false</visible>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ <display-name>Driver class name for a JDBC Ranger database</display-name>
+ <description>JDBC driver class name. Example: For MySQL / MariaDB: com.mysql.jdbc.Driver, For Oracle: oracle.jdbc.OracleDriver</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.url</name>
+ <value>jdbc:mysql://localhost</value>
+ <display-name>JDBC connect string for a Ranger database</display-name>
+ <description>JDBC connect string</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ <property>
+ <type>admin-properties</type>
+ <name>db_host</name>
+ </property>
+ <property>
+ <type>admin-properties</type>
+ <name>db_name</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.user</name>
+ <value>{{ranger_db_user}}</value>
+ <description>JDBC user</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <description>JDBC password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.credential.alias</name>
+ <value>rangeradmin</value>
+ <description>Alias name for storing JDBC password</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.credential.provider.path</name>
+ <value>/etc/ranger/admin/rangeradmin.jceks</value>
+ <description>File for credential store, provide full file path</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.source.type</name>
+ <value>solr</value>
+ <description>db or solr, based on the audit destination used</description>
+ <depends-on>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.solr</name>
+ </property>
+ <property>
+ <type>ranger-env</type>
+ <name>xasecure.audit.destination.db</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.urls</name>
+ <value/>
+ <description>Solr url for audit. Example: http://solr_host:6083/solr/ranger_audits</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.authentication.method</name>
+ <value>UNIX</value>
+ <display-name>Authentication method</display-name>
+ <description>Ranger admin Authentication - UNIX/PAM/LDAP/AD/NONE</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-ugsync-site</type>
+ <name>ranger.usersync.source.impl.class</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.url</name>
+ <display-name>LDAP URL</display-name>
+ <value>{{ranger_ug_ldap_url}}</value>
+ <description>LDAP Server URL, only used if Authentication method is LDAP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.user.dnpattern</name>
+ <value>uid={0},ou=users,dc=xasecure,dc=net</value>
+ <description>LDAP user DN, only used if Authentication method is LDAP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.searchbase</name>
+ <display-name>Group Search Base</display-name>
+ <value>{{ranger_ug_ldap_group_searchbase}}</value>
+ <description>LDAP group searchbase, only used if Authentication method is LDAP</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.searchfilter</name>
+ <display-name>Group Search Filter</display-name>
+ <value>{{ranger_ug_ldap_group_searchfilter}}</value>
+ <description>LDAP group search filter, only used if Authentication method is LDAP</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.group.roleattribute</name>
+ <value>cn</value>
+ <description>LDAP group role attribute, only used if Authentication method is LDAP</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.base.dn</name>
+ <value>dc=example,dc=com</value>
+ <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.bind.dn</name>
+ <display-name>Bind User</display-name>
+ <value>{{ranger_ug_ldap_bind_dn}}</value>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.bind.password</name>
+ <display-name>Bind User Password</display-name>
+ <value></value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the account that can search for users</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.domain</name>
+ <display-name>Domain Name (Only for AD)</display-name>
+ <value/>
+ <description>AD domain, only used if Authentication method is AD</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.url</name>
+ <value>{{ranger_ug_ldap_url}}</value>
+ <description>AD URL, only used if Authentication method is AD</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.base.dn</name>
+ <value>dc=example,dc=com</value>
+ <description>The Distinguished Name (DN) of the starting point for directory server searches.</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.bind.dn</name>
+ <value>{{ranger_ug_ldap_bind_dn}}</value>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.bind.password</name>
+ <value></value>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the account that can search for users</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.unixauth.remote.login.enabled</name>
+ <value>true</value>
+ <display-name>Allow remote Login</display-name>
+ <description>Remote login enabled? - only used if Authentication method is UNIX</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.unixauth.service.hostname</name>
+ <value>{{ugsync_host}}</value>
+ <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.unixauth.service.port</name>
+ <value>5151</value>
+ <description>Port for unix authentication service - only used if Authentication method is UNIX</description>
+ <value-attributes>
+ <type>int</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.jpa.jdbc.dialect</name>
+ <value>{{jdbc_dialect}}</value>
+ <description>JDBC dialect used for policy DB</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.username</name>
+ <value>ranger_solr</value>
+ <description>Solr username</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.password</name>
+ <value>NONE</value>
+ <property-type>PASSWORD</property-type>
+ <description>Solr password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.providerurl</name>
+ <value/>
+ <display-name>SSO provider url</display-name>
+ <description>Example: https://KNOX_HOST:KNOX_PORT/gateway/TOPOLOGY_NAME/knoxsso/api/v1/websso</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>gateway-site</type>
+ <name>gateway.port</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.publicKey</name>
+ <value/>
+ <display-name>SSO public key</display-name>
+ <description>Public key for SSO cookie verification</description>
+ <value-attributes>
+ <type>multiLine</type>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.enabled</name>
+ <value>false</value>
+ <display-name>Enable Ranger SSO</display-name>
+ <description/>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.sso.browser.useragent</name>
+ <value>Mozilla,chrome</value>
+ <display-name>SSO browser useragent</display-name>
+ <description>Comma seperated browser agent</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.binddn.credential.alias</name>
+ <value>ranger.ldap.bind.password</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.binddn.credential.alias</name>
+ <value>ranger.ldap.ad.bind.password</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.token.valid.seconds</name>
+ <value>30</value>
+ <description/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.cookie.domain</name>
+ <value>{{ranger_host}}</value>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.cookie.path</name>
+ <value>/</value>
+ <description/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.spnego.kerberos.principal</name>
+ <value>*</value>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.spnego.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.admin.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.lookup.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.lookup.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.truststore.file</name>
+ <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value>
+ <display-name>ranger.truststore.file</display-name>
+ <description>Ranger trust-store file-path</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <display-name>ranger.truststore.password</display-name>
+ <description>Ranger trust-store password</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.audit.solr.zookeepers</name>
+ <value>NONE</value>
+ <description>Solr Zookeeper string</description>
+ <depends-on>
+ <property>
+ <type>infra-solr-env</type>
+ <name>infra_solr_znode</name>
+ </property>
+ <property>
+ <type>ranger-env</type>
+ <name>is_solrCloud_enabled</name>
+ </property>
+ <property>
+ <type>ranger-env</type>
+ <name>is_external_solrCloud_enabled</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.ldap.ad.user.searchfilter</name>
+ <value>(sAMAccountName={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.ldap.user.searchfilter</name>
+ <display-name>User Search Filter</display-name>
+ <value>(uid={0})</value>
+ <description>Search filter used for Bind Authentication</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.kms.service.user.hdfs</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>hadoop-env</type>
+ <name>hdfs_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.kms.service.user.hive</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>hive-env</type>
+ <name>hive_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.hdfs.serviceuser</name>
+ <value>hdfs</value>
+ <depends-on>
+ <property>
+ <type>hadoop-env</type>
+ <name>hdfs_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.hive.serviceuser</name>
+ <value>hive</value>
+ <depends-on>
+ <property>
+ <type>hive-env</type>
+ <name>hive_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.hbase.serviceuser</name>
+ <value>hbase</value>
+ <depends-on>
+ <property>
+ <type>hbase-env</type>
+ <name>hbase_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.yarn.serviceuser</name>
+ <value>yarn</value>
+ <depends-on>
+ <property>
+ <type>yarn-env</type>
+ <name>yarn_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.knox.serviceuser</name>
+ <value>knox</value>
+ <depends-on>
+ <property>
+ <type>knox-env</type>
+ <name>knox_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.storm.serviceuser</name>
+ <value>storm</value>
+ <depends-on>
+ <property>
+ <type>storm-env</type>
+ <name>storm_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.kafka.serviceuser</name>
+ <value>kafka</value>
+ <depends-on>
+ <property>
+ <type>kafka-env</type>
+ <name>kafka_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.atlas.serviceuser</name>
+ <value>atlas</value>
+ <depends-on>
+ <property>
+ <type>atlas-env</type>
+ <name>metadata_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.plugins.kms.serviceuser</name>
+ <value>kms</value>
+ <depends-on>
+ <property>
+ <type>kms-env</type>
+ <name>kms_user</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.is.solr.kerberised</name>
+ <value>{{ranger_is_solr_kerberised}}</value>
+ <value-attributes>
+ <visible>false</visible>
+ </value-attributes>
+ <description/>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.truststore.alias</name>
+ <value>trustStoreAlias</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.service.https.attrib.keystore.credential.alias</name>
+ <value>keyStoreCredentialAlias</value>
+ <description></description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml
new file mode 100644
index 0000000..ff44901
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-env.xml
@@ -0,0 +1,503 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true" supports_adding_forbidden="true">
+ <property>
+ <name>ranger_user</name>
+ <value>ranger</value>
+ <property-type>USER</property-type>
+ <display-name>Ranger User</display-name>
+ <description>Ranger username</description>
+ <value-attributes>
+ <type>user</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_group</name>
+ <value>ranger</value>
+ <property-type>GROUP</property-type>
+ <display-name>Ranger Group</display-name>
+ <description>Ranger group</description>
+ <value-attributes>
+ <type>user</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_admin_log_dir</name>
+ <value>/var/log/ranger/admin</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_usersync_log_dir</name>
+ <value>/var/log/ranger/usersync</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_admin_username</name>
+ <value>amb_ranger_admin</value>
+ <property-type>TEXT</property-type>
+ <display-name>Ranger Admin username for Ambari</display-name>
+ <description>This is the ambari user created for creating repositories and policies in Ranger Admin for each plugin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_admin_password</name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <display-name>Ranger Admin user's password for Ambari</display-name>
+ <description>This is the ambari user password created for creating repositories and policies in Ranger Admin for each plugin</description>
+ <value-attributes>
+ <type>password</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>admin_username</name>
+ <value>admin</value>
+ <description>This is the username for default admin user that is used for creating ambari user in Ranger Admin</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>admin_password</name>
+ <value>admin</value>
+ <property-type>PASSWORD</property-type>
+ <description>This is the password for default admin user that is used for creating ambari user in Ranger Admin</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_pid_dir</name>
+ <value>/var/run/ranger</value>
+ <description/>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ <editable-only-at-install>true</editable-only-at-install>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hdfs-plugin-enabled</name>
+ <value>No</value>
+ <display-name>HDFS Ranger Plugin</display-name>
+ <description>Enable HDFS Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hive-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Hive Ranger Plugin</display-name>
+ <description>Enable Hive Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-hbase-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Hbase Ranger Plugin</display-name>
+ <description>Enable HBase Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-storm-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Storm Ranger Plugin</display-name>
+ <description>Enable Storm Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-knox-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Knox Ranger Plugin</display-name>
+ <description>Enable Knox Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xml_configurations_supported</name>
+ <value>true</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>create_db_dbuser</name>
+ <value>true</value>
+ <display-name>Setup Database and Database User</display-name>
+ <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_privelege_user_jdbc_url</name>
+ <display-name>JDBC connect string for root user</display-name>
+ <description>JDBC connect string - auto populated based on other values. This is to be used by root user</description>
+ <value>jdbc:mysql://localhost</value>
+ <value-attributes>
+ <overridable>false</overridable>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>admin-properties</type>
+ <name>DB_FLAVOR</name>
+ </property>
+ <property>
+ <type>admin-properties</type>
+ <name>db_host</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-yarn-plugin-enabled</name>
+ <value>No</value>
+ <display-name>YARN Ranger Plugin</display-name>
+ <description>Enable YARN Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-kafka-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Kafka Ranger Plugin</display-name>
+ <description>Enable Kafka Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.solr</name>
+ <value>true</value>
+ <display-name>Audit to Solr</display-name>
+ <description>Enable Audit to Solr for all ranger supported services. This property is overridable at service level</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>is_solrCloud_enabled</name>
+ <display-name>SolrCloud</display-name>
+ <description>SolrCloud uses zookeeper for distributed search and indexing</description>
+ <value>false</value>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>true</value>
+ <display-name>Audit to HDFS</display-name>
+ <description>Enable Audit to HDFS for all ranger supported services. This property is overridable at service level</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://localhost:8020</value>
+ <display-name>Destination HDFS Directory</display-name>
+ <description>HDFS folder to write audit to, make sure all service user has required permissions. This property is overridable at service level</description>
+ <depends-on>
+ <property>
+ <type>core-site</type>
+ <name>fs.defaultFS</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_config_set</name>
+ <value>ranger_audits</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_collection_name</name>
+ <value>ranger_audits</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_shards</name>
+ <value>1</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_solr_replication_factor</name>
+ <value>1</value>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-atlas-plugin-enabled</name>
+ <value>No</value>
+ <display-name>Atlas Ranger Plugin</display-name>
+ <description>Enable Atlas Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>is_external_solrCloud_enabled</name>
+ <display-name>External SolrCloud</display-name>
+ <value>false</value>
+ <description>Using Externally managed solr cloud ?</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>is_external_solrCloud_kerberos</name>
+ <display-name>External SolrCloud kerberos</display-name>
+ <value>false</value>
+ <description>Is Externally managed solr cloud kerberos ?</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger-nifi-plugin-enabled</name>
+ <value>No</value>
+ <display-name>NIFI Ranger Plugin</display-name>
+ <description>Enable NIFI Ranger plugin</description>
+ <value-attributes>
+ <overridable>false</overridable>
+ <type>value-list</type>
+ <entries>
+ <entry>
+ <value>Yes</value>
+ <label>ON</label>
+ </entry>
+ <entry>
+ <value>No</value>
+ <label>OFF</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-solr-configuration.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-solr-configuration.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-solr-configuration.xml
new file mode 100644
index 0000000..550ce0d
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-solr-configuration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>ranger_audit_max_retention_days</name>
+ <display-name>Max Retention Days</display-name>
+ <description>Days to retain audit logs in Solr</description>
+ <value>90</value>
+ <value-attributes>
+ <type>int</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_audit_logs_merge_factor</name>
+ <display-name>Merge Factor</display-name>
+ <description>
+ The mergeFactor value tells Lucene how many segments of equal size to build before merging them into a
+ single segment. High value merge factor (e.g. 25) improves indexing speed, but slows down searching. Low value
+ (e.g. 5) improves searching, but slows down indexing.
+ </description>
+ <value>5</value>
+ <value-attributes>
+ <type>int</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>solr-config template</display-name>
+ <description>the jinja template for solrconfig.xml file used for ranger audit logs</description>
+ <value/>
+ <property-type>VALUE_FROM_PROPERTY_FILE</property-type>
+ <value-attributes>
+ <property-file-name>ranger-solrconfig.xml.j2</property-file-name>
+ <property-file-type>xml</property-file-type>
+ </value-attributes>
+ <on-ambari-upgrade add="false" />
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
new file mode 100644
index 0000000..a4c9441
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/security/serverKeys/ranger-tagsync-keystore.jks</value>
+ <description>Java Keystore files</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <property-type>PASSWORD</property-type>
+ <description>password for keystore</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/security/serverKeys/ranger-tagsync-mytruststore.jks</value>
+ <description>java truststore file</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>java truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file{{ranger_tagsync_credential_file}}</value>
+ <description>java keystore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file{{ranger_tagsync_credential_file}}</value>
+ <description>java truststore credential file</description>
+ <on-ambari-upgrade add="false" />
+ </property>
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-site.xml
new file mode 100644
index 0000000..2eab439
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-tagsync-site.xml
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.tagsync.logdir</name>
+ <value>/var/log/ranger/tagsync</value>
+ <description>Ranger Log dir</description>
+ <value-attributes>
+ <type>directory</type>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.endpoint</name>
+ <value>{{ranger_external_url}}</value>
+ <description>Ranger TagAdmin REST URL</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlas</name>
+ <display-name>Enable Atlas Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.bind.address</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest</name>
+ <display-name>Enable AtlasRest Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.file</name>
+ <display-name>Enable File Tag Source</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>boolean</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.file.check.interval.millis</name>
+ <display-name>File Source: File update polling interval</display-name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.download.interval.millis</name>
+ <display-name>AtlasREST Source: Atlas source download interval</display-name>
+ <value>60000</value>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.tagsync.source.file.filename</name>
+ <display-name>File Source: Filename</display-name>
+ <value/>
+ <description>File Source Filename</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.endpoint</name>
+ <display-name>AtlasREST Source: Atlas endpoint</display-name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ <depends-on>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.http.port</name>
+ </property>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.server.https.port</name>
+ </property>
+ <property>
+ <type>application-properties</type>
+ <name>atlas.enableTLS</name>
+ </property>
+ </depends-on>
+ </property>
+ <property>
+ <name>ranger.tagsync.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.username</name>
+ <value>rangertagsync</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.username</name>
+ <value>admin</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.atlas.default.cluster.name</name>
+ <value>{{cluster_name}}</value>
+ <description>Capture cluster name</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.keystore.filename</name>
+ <value>/usr/hdp/current/ranger-tagsync/conf/rangertagsync.jceks</value>
+ <description>Keystore file</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.keystore.filename</name>
+ <value>/usr/hdp/current/ranger-tagsync/conf/atlasuser.jceks</value>
+ <description>Tagsync atlasrest keystore file</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.dest.ranger.ssl.config.filename</name>
+ <value>{{stack_root}}/current/ranger-tagsync/conf/ranger-policymgr-ssl.xml</value>
+ <description>Keystore and truststore information used for tagsync, required if tagsync -> ranger admin communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.tagsync.source.atlasrest.ssl.config.filename</name>
+ <value>{{stack_root}}/current/ranger-tagsync/conf/atlas-tagsync-ssl.xml</value>
+ <description>Keystore and truststore information used for tagsync, required if tagsync to atlas communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml
new file mode 100644
index 0000000..80babd6
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/ranger-ugsync-site.xml
@@ -0,0 +1,571 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration supports_final="true">
+ <property>
+ <name>ranger.usersync.port</name>
+ <value>5151</value>
+ <description>Port for unix authentication service, run within usersync</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ssl</name>
+ <value>true</value>
+ <description>SSL enabled? (ranger admin -> usersync communication)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.keystore.password</name>
+ <value>UnIx529p</value>
+ <property-type>PASSWORD</property-type>
+ <description>Keystore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.truststore.password</name>
+ <value>changeit</value>
+ <property-type>PASSWORD</property-type>
+ <description>Truststore password</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.passwordvalidator.path</name>
+ <value>./native/credValidator.uexe</value>
+ <description>Native program for password validation</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.enabled</name>
+ <display-name>Enable User Sync</display-name>
+ <value>true</value>
+ <description>Should users and groups be synchronized to Ranger Database? Required to setup Ranger policies</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.sink.impl.class</name>
+ <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value>
+ <description>Class to be used as sink (to sync users into ranger admin)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymanager.baseURL</name>
+ <value>{{ranger_external_url}}</value>
+ <description>URL to be used by clients to access ranger admin, use FQDN</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymanager.maxrecordsperapicall</name>
+ <value>1000</value>
+ <description>How many records to be returned per API call</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymanager.mockrun</name>
+ <value>false</value>
+ <description>Is user sync doing mock run?</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.unix.minUserId</name>
+ <display-name>Minimum User ID</display-name>
+ <value>500</value>
+ <description>Only sync users above this user id (applicable for UNIX)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.unix.group.file</name>
+ <display-name>Group File</display-name>
+ <value>/etc/group</value>
+ <description>Location of the groups file on the linux server</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.unix.password.file</name>
+ <display-name>Password File</display-name>
+ <value>/etc/passwd</value>
+ <description>Location of the password file on the linux server</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name>
+ <value>60000</value>
+ <description>Sleeptime interval in milliseconds, if < 6000 then default to 1 min</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.source.impl.class</name>
+ <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
+ <display-name>Sync Source</display-name>
+ <description>For Ldap: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder, For Unix: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder, org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</description>
+ <value-attributes>
+ <type>value-list</type>
+ <empty-value-valid>true</empty-value-valid>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value>
+ <label>UNIX</label>
+ </entry>
+ <entry>
+ <value>org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</value>
+ <label>FILE</label>
+ </entry>
+ <entry>
+ <value>org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder</value>
+ <label>LDAP/AD</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.filesource.file</name>
+ <display-name>File Name</display-name>
+ <value>/tmp/usergroup.txt</value>
+ <description>Path to the file with the users and groups information. Example: /tmp/usergroup.json or /tmp/usergroup.csv or /tmp/usergroup.txt</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.filesource.text.delimiter</name>
+ <display-name>Delimiter</display-name>
+ <value>,</value>
+ <description>Delimiter used in file, if File based user sync is used</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.url</name>
+ <display-name>LDAP/AD URL</display-name>
+ <value/>
+ <description>LDAP server URL. Example: value = ldap://localhost:389 or ldaps//localhost:636</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.binddn</name>
+ <display-name>Bind User</display-name>
+ <value/>
+ <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. This user is used for searching the users. This could be read-only LDAP user. Example: cn=admin,dc=example,dc=com</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.ldapbindpassword</name>
+ <display-name>Bind User Password</display-name>
+ <value/>
+ <property-type>PASSWORD</property-type>
+ <description>Password for the LDAP bind user used for searching users.</description>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.bindalias</name>
+ <value>testldapalias</value>
+ <description>Set as ranger.usersync.ldap.bindalias (string as is)</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+
+ <property>
+ <name>ranger.usersync.ldap.searchBase</name>
+ <value>dc=hadoop,dc=apache,dc=org</value>
+ <description>"# search base for users and groups
+# sample value would be dc=hadoop,dc=apache,dc=org
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.searchbase</name>
+ <display-name>User Search Base</display-name>
+ <value/>
+ <description>"# search base for users
+# sample value would be ou=users,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: cn=users,dc=example,dc=com;ou=example1,ou=example2"</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.searchscope</name>
+ <display-name>User Search Scope</display-name>
+ <value>sub</value>
+ <description>"# search scope for the users, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.objectclass</name>
+ <display-name>User Object Class</display-name>
+ <value>person</value>
+ <description>LDAP User Object Class. Example: person or user</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.searchfilter</name>
+ <display-name>User Search Filter</display-name>
+ <value/>
+ <description>"optional additional filter constraining the users selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.nameattribute</name>
+ <display-name>Username Attribute</display-name>
+ <value/>
+ <description>LDAP user name attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.referral</name>
+ <value>ignore</value>
+ <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.user.groupnameattribute</name>
+ <display-name>User Group Name Attribute</display-name>
+ <value>memberof, ismemberof</value>
+ <description>LDAP user group name attribute. Generally it is the same as username attribute. Example: sAMAccountName in AD, uid or cn in OpenLDAP</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.username.caseconversion</name>
+ <value>none</value>
+ <description>User name case conversion</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.groupname.caseconversion</name>
+ <value>none</value>
+ <description>Group name case conversion</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.logdir</name>
+ <value>{{usersync_log_dir}}</value>
+ <description>User sync log directory</description>
+ <value-attributes>
+ <visible>false</visible>
+ <overridable>false</overridable>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.usermapsyncenabled</name>
+ <value>true</value>
+ <display-name>Group User Map Sync</display-name>
+ <description>Sync specific groups for users?</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchbase</name>
+ <display-name>Group Search Base</display-name>
+ <value/>
+ <description>"# search base for groups
+# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org
+# overrides value specified in ranger.usersync.ldap.searchBase, ranger.usersync.ldap.user.searchbase
+# if a value is not specified, takes the value of ranger.usersync.ldap.searchBase
+# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"
+# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: ou=groups,DC=example,DC=com;ou=group1,ou=group2"
+</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchscope</name>
+ <value/>
+ <description>"# search scope for the groups, only base, one and sub are supported values
+# please customize the value to suit your deployment
+# default value: sub"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.objectclass</name>
+ <display-name>Group Object Class</display-name>
+ <value/>
+ <description>LDAP Group object class. Example: group</description>
+ <on-ambari-upgrade add="true"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchfilter</name>
+ <value/>
+ <display-name>Group Search Filter</display-name>
+ <description>"# optional additional filter constraining the groups selected for syncing
+# a sample value would be (dept=eng)
+# please customize the value to suit your deployment
+# default value is empty"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.nameattribute</name>
+ <display-name>Group Name Attribute</display-name>
+ <value/>
+ <description>LDAP group name attribute. Example: cn</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.memberattributename</name>
+ <display-name>Group Member Attribute</display-name>
+ <value/>
+ <description>LDAP group member attribute name. Example: member</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.pagedresultsenabled</name>
+ <value>true</value>
+ <description>Results can be paged?</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.pagedresultssize</name>
+ <value>500</value>
+ <description>Page size</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.kerberos.principal</name>
+ <value/>
+ <description/>
+ <property-type>KERBEROS_PRINCIPAL</property-type>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.kerberos.keytab</name>
+ <value/>
+ <description/>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymgr.username</name>
+ <value>rangerusersync</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymgr.alias</name>
+ <value>ranger.usersync.policymgr.password</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.search.first.enabled</name>
+ <display-name>Enable Group Search First</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.user.searchenabled</name>
+ <display-name>Enable User Search</display-name>
+ <value>false</value>
+ <description/>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.deltasync</name>
+ <display-name>Incremental Sync</display-name>
+ <value>true</value>
+ <description>Enable Incremental Sync</description>
+ <value-attributes>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.group.searchenabled</name>
+ <display-name>Enable Group Sync</display-name>
+ <value>false</value>
+ <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes
+ # valid values: true, false
+ # any value other than true would be treated as false
+ # default value: false"</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ <depends-on>
+ <property>
+ <type>ranger-ugsync-site</type>
+ <name>ranger.usersync.ldap.deltasync</name>
+ </property>
+ </depends-on>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.keystore.file</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value>
+ <description>Keystore file used for usersync</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.truststore.file</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value>
+ <description>Truststore used for usersync, required if usersync -> ranger admin communication is SSL enabled</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.ldap.bindkeystore</name>
+ <value/>
+ <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.credstore.filename</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
+ <description>Credential store file name for user sync, specify full path</description>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger.usersync.policymgr.keystore</name>
+ <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-application-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-application-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-application-properties.xml
new file mode 100644
index 0000000..f616324
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-application-properties.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>atlas.kafka.entities.group.id</name>
+ <display-name>Atlas Source: Kafka consumer group</display-name>
+ <value>ranger_entities_consumer</value>
+ <description/>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>atlas.kafka.bootstrap.servers</name>
+ <display-name>Atlas Source: Kafka endpoint</display-name>
+ <value>localhost:6667</value>
+ <description/>
+ <depends-on>
+ <property>
+ <type>kafka-broker</type>
+ <name>port</name>
+ </property>
+ </depends-on>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>atlas.kafka.zookeeper.connect</name>
+ <display-name>Atlas Source: Zookeeper endpoint</display-name>
+ <value>localhost:2181</value>
+ <description/>
+ <depends-on>
+ <property>
+ <type>zoo.cfg</type>
+ <name>clientPort</name>
+ </property>
+ </depends-on>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-log4j.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-log4j.xml
new file mode 100644
index 0000000..bd2e109
--- /dev/null
+++ b/ambari-server/src/main/resources/common-services/RANGER/1.0.0.3.0/configuration/tagsync-log4j.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="false">
+ <property>
+ <name>ranger_tagsync_log_maxfilesize</name>
+ <value>256</value>
+ <description>The maximum size of backup file before the log is rotated</description>
+ <display-name>Ranger tagsync Log: backup file size</display-name>
+ <value-attributes>
+ <unit>MB</unit>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>ranger_tagsync_log_number_of_backup_files</name>
+ <value>20</value>
+ <description>The number of backup files</description>
+ <display-name>Ranger tagsync Log: # of backup files</display-name>
+ <value-attributes>
+ <type>int</type>
+ <minimum>0</minimum>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+ <property>
+ <name>content</name>
+ <display-name>tagsync-log4j template</display-name>
+ <description>tagsync-log4j.properties</description>
+ <value>
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+log4j.rootLogger = info,logFile
+
+# logFile
+log4j.appender.logFile=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.logFile.file=${logdir}/tagsync.log
+log4j.appender.logFile.datePattern='.'yyyy-MM-dd
+log4j.appender.logFile.layout=org.apache.log4j.PatternLayout
+log4j.appender.logFile.MaxFileSize = {{ranger_tagsync_log_maxfilesize}}MB
+log4j.appender.logFile.MaxBackupIndex = {{ranger_tagsync_log_number_of_backup_files}}
+log4j.appender.logFile.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n
+
+# console
+log4j.appender.console=org.apache.log4j.ConsoleAppender
+log4j.appender.console.Target=System.out
+log4j.appender.console.layout=org.apache.log4j.PatternLayout
+log4j.appender.console.layout.ConversionPattern=%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n
+ </value>
+ <value-attributes>
+ <type>content</type>
+ <show-property-name>false</show-property-name>
+ </value-attributes>
+ <on-ambari-upgrade add="false"/>
+ </property>
+</configuration>