You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sn...@apache.org on 2014/10/31 22:03:45 UTC
[07/15] ARGUS-137 Rename Apache Argus to Apache Ranger on the
codebase/config
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
new file mode 100755
index 0000000..6db9984
--- /dev/null
+++ b/security-admin/scripts/setup.sh
@@ -0,0 +1,1332 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------------------------
+#
+# Ranger Admin Setup Script
+#
+# This script will install policymanager webapplication under tomcat and also, initialize the database with xasecure users/tables.
+
+PROPFILE=$PWD/install.properties
+propertyValue=''
+
+. $PROPFILE
+if [ ! $? = "0" ];then
+ log "$PROPFILE file not found....!!";
+ exit 1;
+fi
+
+DB_HOST="${db_host}"
+
+usage() {
+ [ "$*" ] && echo "$0: $*"
+ sed -n '/^##/,/^$/s/^## \{0,1\}//p' "$0"
+ exit 2
+} 2>/dev/null
+
+log() {
+ local prefix="[$(date +%Y/%m/%d\ %H:%M:%S)]: "
+ echo "${prefix} $@" >> $LOGFILE
+ echo "${prefix} $@"
+}
+
+check_ret_status(){
+ if [ $1 -ne 0 ]; then
+ log "[E] $2";
+ exit 1;
+ fi
+}
+
+check_ret_status_for_groupadd(){
+# 9 is the response if the group exists
+ if [ $1 -ne 0 ] && [ $1 -ne 9 ]; then
+ log "[E] $2";
+ exit 1;
+ fi
+}
+
+is_command () {
+ log "[I] check if command $1 exists"
+ type "$1" >/dev/null
+}
+
+get_distro(){
+ log "[I] Checking distribution name.."
+ ver=$(cat /etc/*{issues,release,version} 2> /dev/null)
+ if [[ $(echo $ver | grep DISTRIB_ID) ]]; then
+ DIST_NAME=$(lsb_release -si)
+ else
+ DIST_NAME=$(echo $ver | cut -d ' ' -f 1 | sort -u | head -1)
+ fi
+ export $DIST_NAME
+ log "[I] Found distribution : $DIST_NAME"
+
+}
+#Get Properties from File
+#$1 -> propertyName $2 -> fileName $3 -> variableName
+getPropertyFromFile(){
+ validateProperty=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1) # for validation
+ if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
+ value=`sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f2-`
+ #echo 'value:'$value
+ #validate=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
+ #if test -z "$validate" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
+ eval $3="'$value'"
+}
+
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+ sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+ #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3` #for validation
+ validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
+ #echo 'V1:'$validate
+ if test -z "$validate" ; then log "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+ log "[I] File $3 Updated successfully : {'$1'}"
+}
+
+
+init_logfiles () {
+ for f in $LOGFILES; do
+ touch $f
+ done
+ #log "start date for $0 = `date`"
+}
+
+init_variables(){
+ curDt=`date '+%Y%m%d%H%M%S'`
+
+ VERSION=`cat ${PWD}/version`
+
+ XAPOLICYMGR_DIR=$PWD
+
+ RANGER_ADMIN=ranger-admin
+
+ INSTALL_DIR=${XAPOLICYMGR_DIR}
+
+ WEBAPP_ROOT=${INSTALL_DIR}/ews/webapp
+
+ DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
+ if [ "${DB_FLAVOR}" == "" ]
+ then
+ DB_FLAVOR="MYSQL"
+ fi
+ log "[I] DB_FLAVOR=${DB_FLAVOR}"
+
+ getPropertyFromFile 'db_root_user' $PROPFILE db_root_user
+ getPropertyFromFile 'db_root_password' $PROPFILE db_user
+ getPropertyFromFile 'db_user' $PROPFILE db_user
+ getPropertyFromFile 'db_password' $PROPFILE db_password
+ getPropertyFromFile 'audit_db_user' $PROPFILE audit_db_user
+ getPropertyFromFile 'audit_db_password' $PROPFILE audit_db_password
+}
+
+wait_for_tomcat_shutdown() {
+ i=1
+ touch $TMPFILE
+ while [ $i -le 20 ]
+ do
+ ps -ef | grep catalina.startup.Bootstrap | grep -v grep > $TMPFILE
+ if [ $? -eq 1 ]; then
+ log "[I] Tomcat stopped"
+ i=21
+ else
+ log "[I] stopping Tomcat.."
+ i=`expr $i + 1`
+ sleep 1
+ fi
+ done
+}
+
+check_db_version() {
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ if is_command ${SQL_COMMAND_INVOKER} ; then
+ log "[I] '${SQL_COMMAND_INVOKER}' command found"
+ else
+ log "[E] '${SQL_COMMAND_INVOKER}' command not found"
+ exit 1;
+ fi
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ if is_command ${SQL_COMMAND_INVOKER} ; then
+ log "[I] '${SQL_COMMAND_INVOKER}' command found"
+ else
+ log "[E] '${SQL_COMMAND_INVOKER}' command not found"
+ exit 1;
+ fi
+ fi
+}
+
+check_db_connector() {
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ log "[I] Checking MYSQL CONNECTOR FILE : ${SQL_CONNECTOR_JAR}"
+ if test -f "$SQL_CONNECTOR_JAR"; then
+ log "[I] MYSQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
+ else
+ log "[E] MYSQL CONNECTOR FILE : $SQL_CONNECTOR_JAR does not exists" ; exit 1;
+ fi
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ log "[I] Checking ORACLE CONNECTOR FILE : ${SQL_CONNECTOR_JAR}"
+ if test -f "${SQL_CONNECTOR_JAR}"; then
+ log "[I] ORACLE CONNECTOR FILE : ${SQL_CONNECTOR_JAR} file found"
+ else
+ log "[E] ORACLE CONNECTOR FILE : ${SQL_CONNECTOR_JAR} does not exists" ; exit 1;
+ fi
+ fi
+}
+check_java_version() {
+ if is_command ${JAVA_BIN} ; then
+ log "[I] '${JAVA_BIN}' command found"
+ else
+ log "[E] '${JAVA_BIN}' command not found"
+ exit 1;
+ fi
+
+ $JAVA_BIN -version 2>&1 | grep -q $JAVA_VERSION_REQUIRED
+ if [ $? != 0 ] ; then
+ log "[E] Java 1.7 is required"
+ exit 1;
+ fi
+
+ #Check for JAVA_HOME
+ if [ "${JAVA_HOME}" == "" ]
+ then
+ log "[E] JAVA_HOME environment property not defined, aborting installation."
+ exit 1
+ fi
+
+ #$JAVA_BIN -version 2>&1 | grep -q "$JAVA_ORACLE"
+ #if [ $? != 0 ] ; then
+ #log "[E] Oracle Java is required"
+ #exit 1;
+ #fi
+}
+
+sanity_check_files() {
+
+ if test -d $app_home; then
+ log "[I] $app_home folder found"
+ else
+ log "[E] $app_home does not exists" ; exit 1;
+ fi
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ if test -f $mysql_core_file; then
+ log "[I] $mysql_core_file file found"
+ else
+ log "[E] $mysql_core_file does not exists" ; exit 1;
+ fi
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ if test -f ${oracle_core_file}; then
+ log "[I] ${oracle_core_file} file found"
+ else
+ log "[E] ${oracle_core_file} does not exists" ; exit 1;
+ fi
+ fi
+}
+
+create_rollback_point() {
+ DATE=`date`
+ BAK_FILE=$APP-$VERSION.$DATE.bak
+ log "Creating backup file : $BAK_FILE"
+ cp "$APP" "$BAK_FILE"
+}
+
+create_db_user(){
+ check_db_user_password
+ strError="ERROR"
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ log "[I] Creating ${DB_FLAVOR} user '${db_user}'"
+ for thost in '%' localhost
+ do
+ usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$db_user' and host = '$thost';"`
+ if [ ${usercount} -eq 0 ]
+ then
+ $SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create user '$db_user'@'$thost' identified by '$db_password';"
+ log "[I] Creating user '$db_user' for host $thost done"
+ fi
+ dbquery="REVOKE ALL PRIVILEGES,GRANT OPTION FROM '$db_user'@'$thost';FLUSH PRIVILEGES;"
+ echo "${dbquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
+ check_ret_status $? "'$DB_FLAVOR' revoke *.* privileges from user '$db_user'@'$thost' failed"
+ done
+ log "[I] Creating ${DB_FLAVOR} user '${db_user}' DONE"
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ #check user exist or not
+ result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
+ username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
+ #if does not contains username so create user
+ if test "${result3#*$username}" == "$result3"
+ then
+ #create user
+ result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${db_user} identified by \"${db_password}\";"`
+ result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
+ username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
+ #if user is not created print error message
+ if test "${result3#*$username}" == "$result3"
+ then
+ log "[E] Creating User: ${db_user} Failed";
+ log "[E] $result4"
+ exit 1
+ else
+ log "[I] Creating User: ${db_user} Success";
+ fi
+ fi
+ result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN OPTION;"`
+ if test "${result5#*$strError}" == "$result5"
+ then
+ log "[I] Granting User: ${db_user} Success";
+ else
+ log "[E] Granting User: ${db_user} Failed";
+ log "[E] $result5"
+ exit 1
+ fi
+ log "[I] Creating $DB_FLAVOR user '${db_user}' DONE"
+ fi
+}
+
+check_db_admin_password () {
+ count=0
+ msg=''
+ cmdStatus=''
+ strError="ERROR"
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ log "[I] Checking ${DB_FLAVOR} $db_root_user password"
+ msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
+ cmdStatus=$?
+ fi
+
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ log "[I] Checking ${DB_FLAVOR} $db_root_user password"
+ msg=`echo "select 1 from dual;" | $SQL_COMMAND_INVOKER -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA>&1`
+ cmdStatus=$?
+ fi
+ if test "${msg#*$strError}" != "$msg"
+ then
+ cmdStatus=1
+ else
+ cmdStatus=0 # $substring is not in $string
+ fi
+ while :
+ do
+ if [ $cmdStatus != 0 ]; then
+ if [ $count != 0 ]
+ then
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ log "[I] COMMAND: mysql -u $db_root_user --password=...... -h $DB_HOST : FAILED with error message:"
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ log "[I] COMMAND: sqlplus $db_root_user/...... @$DB_HOST AS SYSDBA : FAILED with error message:"
+ fi
+ log "*******************************************${sg}*******************************************"
+ fi
+ if [ $count -gt 2 ]
+ then
+ log "[E] Unable to continue as db connectivity fails."
+ exit 1
+ fi
+ trap 'stty echo; exit 1' 2 3 15
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ printf "Please enter password for mysql user-id, $db_root_user@${DB_HOST} : "
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ log="[msg] ${msg}"
+ printf "Please enter password for oracle user-id, $db_root_user@${DB_HOST} AS SYSDBA: "
+ fi
+ stty -echo
+ read db_root_password
+ stty echo
+ printf "\n"
+ trap '' 2 3 15
+ count=`expr ${count} + 1`
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
+ cmdStatus=$?
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ msg=`echo "select 1 from dual;" | $SQL_COMMAND_INVOKER -L -S "${db_root_user}"/"\"${db_root_password}\""@"{$DB_HOST}" AS SYSDBA >&1`
+ cmdStatus=$?
+ fi
+ if test "${msg#*$strError}" != "$msg"
+ then
+ cmdStatus=1
+ else
+ cmdStatus=0 # $substring is not in $string
+ fi
+ else
+ log "[I] Checking DB password DONE"
+ break;
+ fi
+ done
+ return 0;
+}
+
+check_db_user_password() {
+ count=0
+ muser=${db_user}@${DB_HOST}
+ while [ "${db_password}" = "" ]
+ do
+ if [ $count -gt 0 ]
+ then
+ log "[I] You can not have a empty password for user: (${muser})."
+ fi
+ if [ ${count} -gt 2 ]
+ then
+ log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
+ fi
+ printf "Please enter password for the XASecure schema owner (${muser}): "
+ trap 'stty echo; exit 1' 2 3 15
+ stty -echo
+ read db_password
+ stty echo
+ printf "\n"
+ trap '' 2 3 15
+ count=`expr ${count} + 1`
+ done
+}
+
+
+check_audit_user_password() {
+ count=0
+ muser=${audit_db_user}@${DB_HOST}
+ while [ "${audit_db_password}" = "" ]
+ do
+ if [ $count -gt 0 ]
+ then
+ log "[I] You can not have a empty password for user: (${muser})."
+ fi
+ if [ ${count} -gt 2 ]
+ then
+ log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
+ fi
+ printf "Please enter password for the XASecure Audit Table owner (${muser}): "
+ trap 'stty echo; exit 1' 2 3 15
+ stty -echo
+ read audit_db_password
+ stty echo
+ printf "\n"
+ trap '' 2 3 15
+ count=`expr ${count} + 1`
+ done
+}
+
+upgrade_db() {
+ log "[I] - starting upgradedb ... "
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ DBVERSION_CATALOG_CREATION=db/create_dbversion_catalog.sql
+ if [ -f ${DBVERSION_CATALOG_CREATION} ]
+ then
+ log "[I] Verifying database version catalog table .... "
+ ${mysqlexec} < ${DBVERSION_CATALOG_CREATION}
+ `${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} < ${DBVERSION_CATALOG_CREATION}`
+ check_ret_status $? "Verifying database version catalog table Failed."
+ fi
+
+ dt=`date '+%s'`
+ tempFile=/tmp/sql_${dt}_$$.sql
+ sqlfiles=`ls -1 db/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/patches/%s\n",$2) ; }'`
+ for sql in ${sqlfiles}
+ do
+ if [ -f ${sql} ]
+ then
+ bn=`basename ${sql}`
+ version=`echo ${bn} | awk -F'-' '{ print $1 }'`
+ if [ "${version}" != "" ]
+ then
+ c=`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
+ check_ret_status $? "DBVerionCheck - ${version} Failed."
+ if [ ${c} -eq 0 ]
+ then
+ cat ${sql} > ${tempFile}
+ echo >> ${tempFile}
+ echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
+ log "[I] - patch [${version}] is being applied."
+ `${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} < ${tempFile}`
+ check_ret_status $? "Update patch - ${version} Failed. See sql file : [${tempFile}]"
+ rm -f ${tempFile}
+ else
+ log "[I] - patch [${version}] is already applied. Skipping ..."
+ fi
+ fi
+ fi
+ done
+ fi
+ ####
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ strError="ERROR"
+ DBVERSION_CATALOG_CREATION=db/oracle/create_dbversion_catalog.sql
+ VERSION_TABLE=x_db_version_h
+ log "[I] Verifying table $VERSION_TABLE in database $db_name";
+ if [ -f ${DBVERSION_CATALOG_CREATION} ]
+ then
+ result1=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('${db_name}') and UPPER(table_name)=UPPER('${VERSION_TABLE}');"`
+ tablename=`echo $VERSION_TABLE | tr '[:lower:]' '[:upper:]'`
+ if test "${result1#*$tablename}" == "$result1" #does not contains tablename so create table
+ then
+ log "[I] Importing Version Catalog file: $DBVERSION_CATALOG_CREATION..."
+ result2=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$DBVERSION_CATALOG_CREATION`
+ if test "${result2#*$strError}" == "$result2"
+ then
+ log "[I] Importing Version Catalog file : $DBVERSION_CATALOG_CREATION DONE";
+ else
+ log "[E] Importing Version Catalog file : $DBVERSION_CATALOG_CREATION Failed";
+ log "[E] $result2"
+ fi
+ else
+ log "[I] Table $VERSION_TABLE already exists in database ${db_name}"
+ fi
+ fi
+
+ dt=`date '+%s'`
+ tempFile=/tmp/sql_${dt}_$$.sql
+ sqlfiles=`ls -1 db/oracle/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/oracle/patches/%s\n",$2) ; }'`
+ for sql in ${sqlfiles}
+ do
+ if [ -f ${sql} ]
+ then
+ bn=`basename ${sql}`
+ version=`echo ${bn} | awk -F'-' '{ print $1 }'`
+ if [ "${version}" != "" ]
+ then
+ result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
+ #does not contains record so insert
+ if test "${result2#*$version}" == "$result2"
+ then
+ cat ${sql} > ${tempFile}
+ echo >> ${tempFile}
+ echo "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, '${db_user}') ;" >> ${tempFile}
+ log "[I] - patch [${version}] is being applied. $tempFile"
+ result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$tempFile`
+ log "[+]$result3"
+ if test "${result3#*$strError}" == "$result3"
+ then
+ log "[I] Update patch - ${version} applied. See sql file : [${tempFile}]"
+ else
+ log "[E] Update patch - ${version} Failed. See sql file : [${tempFile}]"
+ fi
+ rm -f ${tempFile}
+ elif test "${result2#*$strError}" != "$result2"
+ then
+ log "[E] - patch [${version}] could not applied. Skipping ..."
+ exit 1
+ else
+ log "[I] - patch [${version}] is already applied. Skipping ..."
+ fi
+ fi
+ fi
+ done
+ fi
+ log "[I] - upgradedb completed."
+}
+
+import_db(){
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ log "[I] Verifying Database: ${db_name}";
+ existdb=`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h $DB_HOST -B --skip-column-names -e "show databases like '${db_name}' ;"`
+ if [ "${existdb}" = "${db_name}" ]
+ then
+ log "[I] - database ${db_name} already exists. Ignoring import_db ..."
+ else
+ log "[I] Creating Database: $db_name";
+ $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create database $db_name"
+ check_ret_status $? "Creating database Failed.."
+ log "[I] Importing Core Database file: $mysql_core_file "
+ $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST $db_name < $mysql_core_file
+ check_ret_status $? "Importing Database Failed.."
+ if [ -f "${mysql_asset_file}" ]
+ then
+ $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST ${db_name} < ${mysql_asset_file}
+ check_ret_status $? "Reset of DB repositories failed"
+ fi
+ log "[I] Importing Database file : $mysql_core_file DONE";
+ fi
+ for thost in '%' localhost
+ do
+ mysqlquery="GRANT ALL ON $db_name.* TO '$db_user'@'$thost' ;
+ GRANT ALL PRIVILEGES ON $db_name.* to '$db_user'@'$thost' WITH GRANT OPTION;
+ FLUSH PRIVILEGES;"
+ echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
+ check_ret_status $? "'$db_user' grant privileges on '$db_name' failed"
+ log "[I] Granting MYSQL user '$db_user' for host $thost DONE"
+ done
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ log "[I] Importing TABLESPACE: ${db_name}";
+ strError="ERROR"
+ existdb="false"
+
+ #Verifying Users
+ log "[I] Verifying DB User: ${db_user}";
+ result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
+ username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
+ if test "${result3#*$username}" == "$result3" #does not contains username so create user
+ then
+ #create user
+ result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${db_user} identified by \"${db_password}\";"`
+ result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
+ username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
+ if test "${result3#*$username}" == "$result3" #does not contains username so create user
+ then
+ log "[E] Creating User: ${db_user} Failed";
+ log "[E] ${result4}";
+ exit 1
+ else
+ log "[I] Creating User: ${db_user} Success";
+ fi
+ else
+ log "[I] User: ${db_user} exist";
+ fi
+
+ #creating db/tablespace
+ result1=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
+ tablespace=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
+ if test "${result1#*$tablespace}" == "$result1" #does not contains tablespace so create tablespace
+ then
+ log "[I] Creating TABLESPACE: ${db_name}";
+ result2=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create tablespace ${db_name} datafile '${db_name}.dat' size 10M autoextend on;"`
+ if test "${result2#*$strError}" == "$result2"
+ then
+ log "[I] TABLESPACE ${db_name} created.";
+ existdb="true"
+ else
+ log "[E] Creating TABLESPACE: ${db_name} Failed";
+ log "[E] $result2";
+ exit 1
+ fi
+ else
+ log "[I] TABLESPACE ${db_name} already exists.";
+ fi
+
+ #verify table space
+ result1a=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
+ tablespace1a=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
+ if test "${result1a#*$tablespace1a}" == "$result1a" #does not contains tablespace so exit
+ then
+ log "[E] TABLESPACE: ${db_name} Does not exist!!";
+ exit 1
+ fi
+
+ #verify user
+ result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
+ username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
+ if test "${result3#*$username}" == "$result3" #does not contains username so exit
+ then
+ log "[E] User: ${db_user} Does not exist!!";
+ exit 1
+ fi
+
+ # ASSIGN DEFAULT TABLESPACE ${db_name}
+ result8=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "alter user ${db_user} identified by \"${db_password}\" DEFAULT TABLESPACE ${db_name};"`
+
+ #grant user
+ result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN OPTION;"`
+ if test "${result5#*$strError}" == "$result5"
+ then
+ log "[I] Granting User: ${db_user} Success";
+ else
+ log "[E] Granting User: ${db_user} Failed";
+ log "[E] $result5";
+ exit 1
+ fi
+
+ #if does not contains tables create tables
+ if [ "${existdb}" == "true" ]
+ then
+ log "[I] Importing XA Database file: ${oracle_core_file}..."
+ result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @${oracle_core_file}`
+ if test "${result7#*$strError}" == "$result7"
+ then
+ log "[I] Importing XA Database file : ${oracle_core_file} DONE";
+ else
+ log "[E] Importing XA Database file : ${oracle_core_file} Failed";
+ log "[E] $result7";
+ exit 1
+ fi
+ else
+ log "[I] - database ${db_name} already exists. Ignoring import_db ..." ;
+ fi
+ fi
+}
+
+copy_db_connector(){
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ log "[I] Copying MYSQL Connector to $app_home/WEB-INF/lib ";
+ cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/classes/lib
+ check_ret_status $? "Copying MYSQL Connector to $app_home/WEB-INF/lib failed"
+ log "[I] Copying MYSQL Connector to $app_home/WEB-INF/lib DONE";
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ log "[I] Copying ORACLE Connector to $app_home/WEB-INF/lib ";
+ cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/classes/lib
+ check_ret_status $? "Copying ORACLE Connector to $app_home/WEB-INF/lib failed"
+ log "[I] Copying ORACLE Connector to $app_home/WEB-INF/lib DONE";
+ fi
+}
+
+update_properties() {
+ newPropertyValue=''
+ echo "export JAVA_HOME=${JAVA_HOME}" > ${WEBAPP_ROOT}/WEB-INF/classes/conf/java_home.sh
+ chmod a+rx ${WEBAPP_ROOT}/WEB-INF/classes/conf/java_home.sh
+
+
+ to_file=$app_home/WEB-INF/classes/conf/xa_system.properties
+ if test -f $to_file; then
+ log "[I] $to_file file found"
+ else
+ log "[E] $to_file does not exists" ; exit 1;
+ fi
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ propertyName=jdbc.url
+ newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${db_name}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=auditDB.jdbc.url
+ newPropertyValue="jdbc:log4jdbc:mysql://${DB_HOST}/${audit_db_name}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=jdbc.dialect
+ newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=auditDB.jdbc.dialect
+ newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=jdbc.driver
+ newPropertyValue="net.sf.log4jdbc.DriverSpy"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=auditDB.jdbc.driver
+ newPropertyValue="net.sf.log4jdbc.DriverSpy"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ propertyName=jdbc.url
+ newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=auditDB.jdbc.url
+ newPropertyValue="jdbc:oracle:thin:\@//${DB_HOST}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=jdbc.dialect
+ newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=auditDB.jdbc.dialect
+ newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=jdbc.driver
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=auditDB.jdbc.driver
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+ fi
+ propertyName=xa.webapp.url.root
+ newPropertyValue="${policymgr_external_url}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=http.enabled
+ newPropertyValue="${policymgr_http_enabled}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=jdbc.user
+ newPropertyValue="${db_user}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=auditDB.jdbc.user
+ newPropertyValue="${audit_db_user}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+ ##########
+
+ keystore="${cred_keystore_filename}"
+
+ echo "Starting configuration for XA DB credentials:"
+
+ db_password_alias=policyDB.jdbc.password
+
+ if [ "${keystore}" != "" ]
+ then
+ mkdir -p `dirname "${keystore}"`
+
+ java -cp "cred/lib/*" com.hortonworks.credentialapi.buildks create "$db_password_alias" -value "$db_password" -provider jceks://file$keystore
+
+ propertyName=xaDB.jdbc.credential.alias
+ newPropertyValue="${db_password_alias}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=xaDB.jdbc.credential.provider.path
+ newPropertyValue="${keystore}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=jdbc.password
+ newPropertyValue="_"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+ else
+ propertyName=jdbc.password
+ newPropertyValue="${db_password}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+ fi
+
+ if test -f $keystore; then
+ #echo "$keystore found."
+ chown -R ${unix_user}:${unix_group} ${keystore}
+ chmod 640 ${keystore}
+ else
+ #echo "$keystore not found. so clear text password"
+ propertyName=jdbc.password
+ newPropertyValue="${db_password}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+ fi
+
+ ###########
+ audit_db_password_alias=auditDB.jdbc.password
+
+ echo "Starting configuration for Audit DB credentials:"
+
+ if [ "${keystore}" != "" ]
+ then
+ java -cp "cred/lib/*" com.hortonworks.credentialapi.buildks create "$audit_db_password_alias" -value "$audit_db_password" -provider jceks://file$keystore
+
+ propertyName=auditDB.jdbc.credential.alias
+ newPropertyValue="${audit_db_password_alias}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=auditDB.jdbc.credential.provider.path
+ newPropertyValue="${keystore}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+ propertyName=auditDB.jdbc.password
+ newPropertyValue="_"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+ else
+ propertyName=auditDB.jdbc.password
+ newPropertyValue="${audit_db_password}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+ fi
+
+ if test -f $keystore; then
+ chown -R ${unix_user}:${unix_group} ${keystore}
+ #echo "$keystore found."
+ else
+ #echo "$keystore not found. so use clear text password"
+ propertyName=auditDB.jdbc.password
+ newPropertyValue="${audit_db_password}"
+ updatePropertyToFile $propertyName $newPropertyValue $to_file
+ fi
+
+}
+
+create_audit_db_user(){
+ check_audit_user_password
+ AUDIT_DB="${audit_db_name}"
+ AUDIT_USER="${audit_db_user}"
+ AUDIT_PASSWORD="${audit_db_password}"
+ strError="ERROR"
+ #Verifying Database
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ log "[I] Verifying Database: $AUDIT_DB";
+ existdb=`${SQL_COMMAND_INVOKER} -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -B --skip-column-names -e "show databases like '$AUDIT_DB' ;"`
+ if [ "${existdb}" = "$AUDIT_DB" ]
+ then
+ log "[I] Database $AUDIT_DB already exists."
+ else
+ log "[I] Creating Database: $audit_db_name";
+ $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create database $AUDIT_DB"
+ check_ret_status $? "Creating database $AUDIT_DB Failed.."
+ fi
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ log "[I] Verifying TABLESPACE: $AUDIT_DB";
+ result1=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT distinct UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${AUDIT_DB}');"`
+ tablespace=`echo $AUDIT_DB | tr '[:lower:]' '[:upper:]'`
+ if test "${result1#*$tablespace}" == "$result1" #does not contains tablespace so create tablespace
+ then
+ log "[I] Creating TABLESPACE: $AUDIT_DB";
+ result2=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create tablespace $AUDIT_DB datafile '$AUDIT_DB.dat' size 10M autoextend on;"`
+ if test "${result2#*$strError}" == "$result2"
+ then
+ log "[I] TABLESPACE $AUDIT_DB created."
+ else
+ log "[E] Creating TABLESPACE: $AUDIT_DB Failed";
+ log "[E] $result2"
+ exit 1
+ fi
+ else
+ log "[I] TABLESPACE $AUDIT_DB already exists."
+ fi
+ fi
+
+ #Verifying Users
+ log "[I] Verifying Audit User: $AUDIT_USER";
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ for thost in '%' localhost
+ do
+ usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$AUDIT_USER' and host = '$thost';"`
+ if [ ${usercount} -eq 0 ]
+ then
+ log "[I] Creating ${DB_FLAVOR} user '$AUDIT_USER'@'$thost'"
+ $SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create user '$AUDIT_USER'@'$thost' identified by '$AUDIT_PASSWORD';"
+ check_ret_status $? "${DB_FLAVOR} create user failed"
+ fi
+ if [ "${AUDIT_USER}" != "${db_user}" ]
+ then
+ mysqlquery="REVOKE ALL PRIVILEGES,GRANT OPTION FROM '$AUDIT_USER'@'$thost' ;
+ FLUSH PRIVILEGES;"
+ echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
+ check_ret_status $? "'$DB_FLAVOR' revoke privileges from user '$AUDIT_USER'@'$thost' failed"
+ log "[I] '$DB_FLAVOR' revoke all privileges from user '$AUDIT_USER'@'$thost' DONE"
+ fi
+ done
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${AUDIT_USER}');"`
+ username=`echo $AUDIT_USER | tr '[:lower:]' '[:upper:]'`
+ if test "${result3#*$username}" == "$result3" #does not contains username so create user
+ then
+ #create user
+ result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE ${AUDIT_DB};"`
+ if test "${result4#*$strError}" == "$result4"
+ then
+ log "[I] Creating User: ${AUDIT_USER} Success";
+ else
+ log "[E] Creating User: ${AUDIT_USER} Failed";
+ log "[E] $result4"
+ exit 1
+ fi
+ else
+ log "[I] User: ${AUDIT_USER} exist";
+ fi
+ result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION TO ${AUDIT_USER};"`
+ if test "${result5#*$strError}" == "$result5"
+ then
+ log "[I] Granting User: $AUDIT_USER Success";
+ else
+ log "[E] Granting User: $AUDIT_USER Failed";
+ log "[E] $result5"
+ exit 1
+ fi
+ fi
+
+ #Verifying audit table
+ AUDIT_TABLE=xa_access_audit
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ log "[I] Verifying table $AUDIT_TABLE in audit database $AUDIT_DB";
+ existtbl=`${SQL_COMMAND_INVOKER} -u "$db_root_user" --password="$db_root_password" -D $AUDIT_DB -h $DB_HOST -B --skip-column-names -e "show tables like '$AUDIT_TABLE' ;"`
+ if [ "${existtbl}" != "$AUDIT_TABLE" ]
+ then
+ log "[I] Importing Audit Database file: $mysql_audit_file..."
+ $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST $AUDIT_DB < $mysql_audit_file
+ check_ret_status $? "Importing Audit Database Failed.."
+ log "[I] Importing Audit Database file : $mysql_audit_file DONE";
+ else
+ log "[I] Table $AUDIT_TABLE already exists in audit database $AUDIT_DB"
+ fi
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ log "[I] Verifying table $AUDIT_TABLE in TABLESPACE $db_name";
+ # ASSIGN DEFAULT TABLESPACE ${db_name}
+ result8=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "alter user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE ${AUDIT_DB};"`
+ result6=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('$db_name') and UPPER(table_name)=UPPER('${AUDIT_TABLE}');"`
+ tablename=`echo $AUDIT_TABLE | tr '[:lower:]' '[:upper:]'`
+ if test "${result6#*$tablename}" == "$result6" #does not contains tablename so create table
+ then
+ log "[I] Importing Audit Database file: $oracle_audit_file..."
+ result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$oracle_audit_file`
+ if test "${result7#*$strError}" == "$result7"
+ then
+ log "[I] Importing Audit Database file : $oracle_audit_file DONE";
+ else
+ log "[E] Importing Audit Database file : $oracle_audit_file failed";
+ log "[E] $result7"
+ fi
+ else
+ log "[I] Table $AUDIT_TABLE already exists in TABLESPACE $db_name"
+ fi
+ fi
+
+ #Granting Users
+ log "[I] Granting Privileges to User: $AUDIT_USER";
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ for thost in '%' localhost
+ do
+ mysqlquery="GRANT ALL ON $AUDIT_DB.* TO '$db_user'@'$thost' ;
+ GRANT ALL PRIVILEGES ON $AUDIT_DB.* to '$db_user'@'$thost' WITH GRANT OPTION;
+ FLUSH PRIVILEGES;"
+ echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
+ check_ret_status $? "'$db_user' grant privileges on '$AUDIT_DB' failed"
+ log "[I] Creating MYSQL user '$AUDIT_USER' for host $thost DONE"
+
+ mysqlquery="GRANT INSERT ON $AUDIT_DB.$AUDIT_TABLE TO '$AUDIT_USER'@'$thost' ;
+ FLUSH PRIVILEGES;"
+ echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
+ check_ret_status $? "'$DB_FLAVOR' grant INSERT privileges to user '$AUDIT_USER'@'$thost' on $AUDIT_TABLE failed"
+ log "[I] '$DB_FLAVOR' grant INSERT privileges to user '$AUDIT_USER'@'$thost' on $AUDIT_TABLE DONE"
+ done
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ if [ "${AUDIT_USER}" != "${db_user}" ]
+ then
+ result11=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT SELECT ON ${db_user}.XA_ACCESS_AUDIT_SEQ TO ${AUDIT_USER};"`
+ result12=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT INSERT ON ${db_user}.${AUDIT_TABLE} TO ${AUDIT_USER};"`
+ if test "${result11#*$strError}" != "$result11"
+ then
+ log "[E] Granting User: $AUDIT_USER Failed";
+ log "[E] $result11";
+ exit1
+ elif test "${result12#*$strError}" != "$result12"
+ then
+ log "[E] Granting User: $AUDIT_USER Failed";
+ log "[E] $result12";
+ exit 1
+ else
+ log "[I] Granting User: $AUDIT_USER Success";
+ fi
+ fi
+ fi
+}
+
+do_unixauth_setup() {
+
+ RANGER_JAAS_CONF_DIR="${INSTALL_DIR}/ews/webapp/WEB-INF/classes/conf/ranger_jaas"
+
+ cp ./unixauth-config/* ${RANGER_JAAS_CONF_DIR}
+
+ cat unixauth-config/unixauth.properties | \
+ grep -v '^remoteLoginEnabled=' | \
+ grep -v '^authServiceHostName=' | \
+ grep -v '^authServicePort=' > ${RANGER_JAAS_CONF_DIR}/unixauth.properties
+
+ echo "remoteLoginEnabled=${remoteLoginEnabled}" >> ${RANGER_JAAS_CONF_DIR}/unixauth.properties
+ echo "authServiceHostName=${authServiceHostName}" >> ${RANGER_JAAS_CONF_DIR}/unixauth.properties
+ echo "authServicePort=${authServicePort}" >> ${RANGER_JAAS_CONF_DIR}/unixauth.properties
+
+ owner=ranger
+ group=ranger
+ chown -R ${owner}:${group} ${RANGER_JAAS_CONF_DIR}
+ chmod -R go-rwx ${RANGER_JAAS_CONF_DIR}
+}
+
+do_authentication_setup(){
+ log "[I] Starting setup based on user authentication method=$authentication_method";
+ ./setup_authentication.sh $authentication_method $app_home
+
+ if [ $authentication_method = "LDAP" ] ; then
+ log "[I] Loading LDAP attributes and properties";
+ newPropertyValue=''
+ ldap_file=$app_home/WEB-INF/classes/conf/ranger_jaas/xa_ldap.properties
+ if test -f $ldap_file; then
+ log "[I] $ldap_file file found"
+ propertyName=xa_ldap_url
+ newPropertyValue="${xa_ldap_url}"
+
+ updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+
+ propertyName=xa_ldap_userDNpattern
+ newPropertyValue="${xa_ldap_userDNpattern}"
+ updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+
+ propertyName=xa_ldap_groupSearchBase
+ newPropertyValue="${xa_ldap_groupSearchBase}"
+ updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+
+ propertyName=xa_ldap_groupSearchFilter
+ newPropertyValue="${xa_ldap_groupSearchFilter}"
+ updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+
+ propertyName=xa_ldap_groupRoleAttribute
+ newPropertyValue="${xa_ldap_groupRoleAttribute}"
+ updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+
+ propertyName=authentication_method
+ newPropertyValue="${authentication_method}"
+ updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ else
+ log "[E] $ldap_file does not exists" ; exit 1;
+
+ fi
+ fi
+ if [ $authentication_method = "ACTIVE_DIRECTORY" ] ; then
+ log "[I] Loading ACTIVE DIRECTORY attributes and properties";
+ newPropertyValue=''
+ ldap_file=$app_home/WEB-INF/classes/conf/ranger_jaas/xa_ldap.properties
+ if test -f $ldap_file; then
+ log "[I] $ldap_file file found"
+ propertyName=xa_ldap_ad_url
+ newPropertyValue="${xa_ldap_ad_url}"
+ updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+
+ propertyName=xa_ldap_ad_domain
+ newPropertyValue="${xa_ldap_ad_domain}"
+ updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+
+ propertyName=authentication_method
+ newPropertyValue="${authentication_method}"
+ updatePropertyToFile $propertyName $newPropertyValue $ldap_file
+ else
+ log "[E] $ldap_file does not exists" ; exit 1;
+ fi
+ fi
+ if [ $authentication_method = "UNIX" ] ; then
+ do_unixauth_setup
+ fi
+ log "[I] Finished setup based on user authentication method=$authentication_method";
+}
+
+#=====================================================================
+
+setup_unix_user_group(){
+
+ log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group}";
+
+ groupadd ${unix_group}
+ check_ret_status_for_groupadd $? "Creating group ${unix_group} failed"
+
+ id -u ${unix_user} > /dev/null 2>&1
+
+ if [ $? -ne 0 ]
+ then
+ log "[I] Creating new user and adding to group";
+ useradd ${unix_user} -g ${unix_group} -m
+ check_ret_status $? "useradd ${unix_user} failed"
+ else
+ log "[I] User already exists, adding it to group";
+ usermod -g ${unix_group} ${unix_user}
+ fi
+
+ log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group} DONE";
+}
+
+setup_install_files(){
+
+ log "[I] Setting up installation files and directory";
+
+ if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
+ log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist ${WEBAPP_ROOT}/WEB-INF/classes/conf"
+ mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf
+ cp ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist/* ${WEBAPP_ROOT}/WEB-INF/classes/conf
+ chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf
+ fi
+
+ if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas ]; then
+ log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas"
+ mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas
+ chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas
+ chmod 700 ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger_jaas
+ fi
+
+ if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then
+ log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/lib"
+ mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/lib
+ chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/lib
+ fi
+
+ if [ ! -f /etc/init.d/${RANGER_ADMIN} ]; then
+ log "[I] Setting up init.d"
+ mv ${INSTALL_DIR}/ews/${RANGER_ADMIN} /etc/init.d/${RANGER_ADMIN}
+
+ chmod ug+rx /etc/init.d/${RANGER_ADMIN}
+
+ if [ -d /etc/rc2.d ]
+ then
+ RC_DIR=/etc/rc2.d
+ log "[I] Creating script S88${RANGER_ADMIN}/K90${RANGER_ADMIN} in $RC_DIR directory .... "
+ rm -f $RC_DIR/S88${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN}
+ ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/S88${RANGER_ADMIN}
+ ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN}
+ fi
+
+ if [ -d /etc/rc3.d ]
+ then
+ RC_DIR=/etc/rc3.d
+ log "[I] Creating script S88${RANGER_ADMIN}/K90${RANGER_ADMIN} in $RC_DIR directory .... "
+ rm -f $RC_DIR/S88${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN}
+ ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/S88${RANGER_ADMIN}
+ ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN}
+ fi
+
+ # SUSE has rc2.d and rc3.d under /etc/rc.d
+ if [ -d /etc/rc.d/rc2.d ]
+ then
+ RC_DIR=/etc/rc.d/rc2.d
+ log "[I] Creating script S88${RANGER_ADMIN}/K90${RANGER_ADMIN} in $RC_DIR directory .... "
+ rm -f $RC_DIR/S88${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN}
+ ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/S88${RANGER_ADMIN}
+ ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN}
+ fi
+ if [ -d /etc/rc.d/rc3.d ]
+ then
+ RC_DIR=/etc/rc.d/rc3.d
+ log "[I] Creating script S88${RANGER_ADMIN}/K90${RANGER_ADMIN} in $RC_DIR directory .... "
+ rm -f $RC_DIR/S88${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN}
+ ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/S88${RANGER_ADMIN}
+ ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN}
+ fi
+ fi
+
+
+ if [ ! -d ${XAPOLICYMGR_DIR}/ews/logs ]; then
+ log "[I] ${XAPOLICYMGR_DIR}/ews/logs folder"
+ mkdir -p ${XAPOLICYMGR_DIR}/ews/logs
+ chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs
+ fi
+
+ log "[I] Setting up installation files and directory DONE";
+
+ if [ ! -f ${INSTALL_DIR}/rpm ]; then
+ if [ -d ${INSTALL_DIR} ]
+ then
+ chown -R ${unix_user}:${unix_group} ${INSTALL_DIR}
+ chown -R ${unix_user}:${unix_group} ${INSTALL_DIR}/*
+ fi
+ fi
+}
+
+execute_java_patches(){
+ if [ "${DB_FLAVOR}" == "MYSQL" ]
+ then
+ dt=`date '+%s'`
+ tempFile=/tmp/sql_${dt}_$$.sql
+ mysqlexec="${SQL_COMMAND_INVOKER} -u ${db_root_user} --password="${db_root_password}" -h ${DB_HOST} ${db_name}"
+ javaFiles=`ls -1 $app_home/WEB-INF/classes/com/xasecure/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'`
+ for javaPatch in ${javaFiles}
+ do
+ if test -f "$app_home/WEB-INF/classes/com/xasecure/patch/$javaPatch"; then
+ className=$(basename "$javaPatch" .class)
+ version=`echo ${className} | awk -F'_' '{ print $2 }'`
+ if [ "${version}" != "" ]
+ then
+ c=`${mysqlexec} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
+ check_ret_status $? "DBVerionCheck - ${version} Failed."
+ if [ ${c} -eq 0 ]
+ then
+ log "[I] patch ${javaPatch} is being applied..";
+ msg=`java -cp "$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF/" com.xasecure.patch.${className}`
+ check_ret_status $? "Unable to apply patch:$javaPatch. $msg"
+ touch ${tempFile}
+ echo >> ${tempFile}
+ echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
+ ${mysqlexec} < ${tempFile}
+ check_ret_status $? "Update patch - ${javaPatch} has failed."
+ rm -f ${tempFile}
+ log "[I] patch ${javaPatch} has been applied!!";
+ else
+ log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
+ fi
+ fi
+ fi
+ done
+ fi
+ if [ "${DB_FLAVOR}" == "ORACLE" ]
+ then
+ dt=`date '+%s'`
+ tempFile=/tmp/sql_${dt}_$$.sql
+ javaFiles=`ls -1 $app_home/WEB-INF/classes/com/xasecure/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'`
+ for javaPatch in ${javaFiles}
+ do
+ if test -f "$app_home/WEB-INF/classes/com/xasecure/patch/$javaPatch"; then
+ className=$(basename "$javaPatch" .class)
+ version=`echo ${className} | awk -F'_' '{ print $2 }'`
+ if [ "${version}" != "" ]
+ then
+ result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
+ #does not contains record so insert
+ if test "${result2#*$version}" == "$result2"
+ then
+ log "[I] patch ${javaPatch} is being applied..";
+ msg=`java -cp "$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF/" com.xasecure.patch.${className}`
+ check_ret_status $? "Unable to apply patch:$javaPatch. $msg"
+ touch ${tempFile}
+ echo >> ${tempFile}
+ echo "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, '${db_user}') ;" >> ${tempFile}
+ result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$tempFile`
+ if test "${result3#*$strError}" == "$result3"
+ then
+ log "[I] patch ${javaPatch} has been applied!!";
+ else
+ log "[E] patch ${javaPatch} has failed."
+ fi
+ rm -f ${tempFile}
+ elif test "${result2#*$strError}" != "$result2"
+ then
+ log "[E] - patch [${javaPatch}] could not applied. Skipping ..."
+ exit 1
+ else
+ log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
+ fi
+ fi
+ fi
+ done
+ fi
+}
+init_logfiles
+log " --------- Running XASecure PolicyManager Web Application Install Script --------- "
+log "[I] uname=`uname`"
+log "[I] hostname=`hostname`"
+init_variables
+get_distro
+check_java_version
+check_db_version
+check_db_connector
+setup_unix_user_group
+setup_install_files
+sanity_check_files
+check_db_admin_password
+create_db_user
+copy_db_connector
+import_db
+upgrade_db
+create_audit_db_user
+update_properties
+do_authentication_setup
+execute_java_patches
+
+echo "Installation of XASecure PolicyManager Web Application is completed."
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/scripts/setup_authentication.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup_authentication.sh b/security-admin/scripts/setup_authentication.sh
old mode 100644
new mode 100755
index 12875f4..9fe892f
--- a/security-admin/scripts/setup_authentication.sh
+++ b/security-admin/scripts/setup_authentication.sh
@@ -23,8 +23,10 @@ if [ $# -ne 2 ]
echo $USAGE;
fi
+curDt=`date '+%Y%m%d%H%M%S'`
authentication_method=$1
path=$2
+CONFIG_FILE=$path/WEB-INF/classes/conf/security-applicationContext.xml
if [ $authentication_method = "UNIX" ] ; then
echo $path;
@@ -34,8 +36,8 @@ if [ $authentication_method = "UNIX" ] ; then
for(i=1;i<=d;i++){ print _[i] }
f=1;next
}
- /UNIX_BEAN_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/unix_bean_settings.xml $path/META-INF/security-applicationContext.xml > tmp
- mv tmp $path/META-INF/security-applicationContext.xml
+ /UNIX_BEAN_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/unix_bean_settings.xml $CONFIG_FILE > tmp
+ mv tmp $CONFIG_FILE
awk 'FNR==NR{ _[++d]=$0;next}
/UNIX_SEC_SETTINGS_START/{
@@ -43,8 +45,8 @@ if [ $authentication_method = "UNIX" ] ; then
for(i=1;i<=d;i++){ print _[i] }
f=1;next
}
- /UNIX_SEC_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/unix_security_settings.xml $path/META-INF/security-applicationContext.xml > tmp
- mv tmp $path/META-INF/security-applicationContext.xml
+ /UNIX_SEC_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/unix_security_settings.xml $CONFIG_FILE > tmp
+ mv tmp $CONFIG_FILE
exit 0;
@@ -56,8 +58,8 @@ elif [ $authentication_method = "LDAP" ]; then
for(i=1;i<=d;i++){ print _[i] }
f=1;next
}
- /LDAP_BEAN_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ldap_bean_settings.xml $path/META-INF/security-applicationContext.xml > tmp
- mv tmp $path/META-INF/security-applicationContext.xml
+ /LDAP_BEAN_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ldap_bean_settings.xml $CONFIG_FILE > tmp
+ mv tmp $CONFIG_FILE
awk 'FNR==NR{ _[++d]=$0;next}
/LDAP_SEC_SETTINGS_START/{
@@ -65,8 +67,8 @@ elif [ $authentication_method = "LDAP" ]; then
for(i=1;i<=d;i++){ print _[i] }
f=1;next
}
- /LDAP_SEC_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ldap_security_settings.xml $path/META-INF/security-applicationContext.xml > tmp
- mv tmp $path/META-INF/security-applicationContext.xml
+ /LDAP_SEC_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ldap_security_settings.xml $CONFIG_FILE > tmp
+ mv tmp $CONFIG_FILE
exit 0;
@@ -78,8 +80,8 @@ elif [ $authentication_method = "ACTIVE_DIRECTORY" ]; then
for(i=1;i<=d;i++){ print _[i] }
f=1;next
}
- /AD_BEAN_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ad_bean_settings.xml $path/META-INF/security-applicationContext.xml > tmp
- mv tmp $path/META-INF/security-applicationContext.xml
+ /AD_BEAN_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ad_bean_settings.xml $CONFIG_FILE > tmp
+ mv tmp $CONFIG_FILE
awk 'FNR==NR{ _[++d]=$0;next}
/AD_SEC_SETTINGS_START/{
@@ -87,8 +89,8 @@ elif [ $authentication_method = "ACTIVE_DIRECTORY" ]; then
for(i=1;i<=d;i++){ print _[i] }
f=1;next
}
- /AD_SEC_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ad_security_settings.xml $path/META-INF/security-applicationContext.xml > tmp
- mv tmp $path/META-INF/security-applicationContext.xml
+ /AD_SEC_SETTINGS_END/{f=0}!f' $path/META-INF/contextXML/ad_security_settings.xml $CONFIG_FILE > tmp
+ mv tmp $CONFIG_FILE
exit 0;
elif [ $authentication_method = "NONE" ]; then
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/6af44c4f/security-admin/src/bin/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/install.properties b/security-admin/src/bin/install.properties
new file mode 100644
index 0000000..8ebc8fd
--- /dev/null
+++ b/security-admin/src/bin/install.properties
@@ -0,0 +1,126 @@
+#
+# This file provides list of deployment variables for the Policy Manager Web Application
+#
+
+#------------------------- MYSQL CONFIG - BEGIN ----------------------------------
+
+#
+# The executable path to be used to invoke command-line MYSQL
+#
+MYSQL_BIN='mysql'
+
+#
+# Location of mysql client library (please check the location of the jar file)
+#
+MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
+#
+# MYSQL password for the MYSQL root user-id
+# **************************************************************************
+# ** If the password is left empty or not-defined here,
+# ** it will be prompted to enter the password during installation process
+# **************************************************************************
+#
+
+db_root_password=
+db_host=localhost
+
+#
+# MySQL UserId used for the XASecure schema
+#
+db_name=xasecure
+db_user=xaadmin
+db_password=
+
+#
+# MySQL UserId for storing auditlog infromation
+#
+# * audit_db can be same as the XASecure schema db
+# * audit_db must exists in the same ${db_host} as xaserver database ${db_name}
+# * audit_user must be a different user than db_user (as audit user has access to only audit tables)
+#
+audit_db_name=xasecure
+audit_db_user=xalogger
+audit_db_password=
+
+#------------------------- MYSQL CONFIG - END ----------------------------------
+
+#
+# ------- PolicyManager CONFIG ----------------
+#
+
+policymgr_external_url=http://localhost:6080
+policymgr_http_enabled=true
+
+#
+# ------- PolicyManager CONFIG - END ---------------
+#
+
+
+#
+# ------- UNIX User CONFIG ----------------
+#
+unix_user=xasecure
+unix_group=xasecure
+
+#
+# ------- UNIX User CONFIG - END ----------------
+#
+
+#
+# UNIX authentication service for Policy Manager
+#
+# PolicyManager can authenticate using UNIX username/password
+# The UNIX server specified here as authServiceHostName needs to be installed with xasecure-unix-ugsync package.
+# Once the service is installed on authServiceHostName, the UNIX username/password from the host <authServiceHostName> can be used to login into policy manager
+#
+# ** The installation of xasecure-unix-ugsync package can be installed after the policymanager installation is finished.
+#
+#LDAP|ACTIVE_DIRECTORY|UNIX|NONE
+authentication_method=NONE
+remoteLoginEnabled=true
+authServiceHostName=localhost
+authServicePort=5151
+
+####LDAP settings - Required only if have selected LDAP authentication ####
+#
+# Sample Settings
+#
+#xa_ldap_url="ldap://71.127.43.33:389"
+#xa_ldap_userDNpattern="uid={0},ou=users,dc=xasecure,dc=net"
+#xa_ldap_groupSearchBase="ou=groups,dc=xasecure,dc=net"
+#xa_ldap_groupSearchFilter="(member=uid={0},ou=users,dc=xasecure,dc=net)"
+#xa_ldap_groupRoleAttribute="cn"
+
+xa_ldap_url=
+xa_ldap_userDNpattern=
+xa_ldap_groupSearchBase=
+xa_ldap_groupSearchFilter=
+xa_ldap_groupRoleAttribute=
+
+####ACTIVE_DIRECTORY settings - Required only if have selected AD authentication ####
+#
+# Sample Settings
+#
+#xa_ldap_ad_domain="xasecure.net"
+#xa_ldap_ad_url="ldap://ad.xasecure.net:389"
+
+xa_ldap_ad_domain=
+xa_ldap_ad_url=
+#
+# -----------------------------------------------------------
+#
+
+# ################# DO NOT MODIFY ANY VARIABLES BELOW #########################
+#
+# --- These deployment variables are not to be modified unless you understand the full impact of the changes
+#
+################################################################################
+
+JAVA_BIN='java'
+JAVA_VERSION_REQUIRED='1.7'
+JAVA_ORACLE='Java(TM) SE Runtime Environment'
+
+#
+
+#cred_keystore_filename=/usr/lib/xapolicymgr/.jceks/xapolicymgr.jceks