Posted to commits@ranger.apache.org by ve...@apache.org on 2015/10/10 18:03:16 UTC
incubator-ranger git commit: RANGER-673 : Setup changes to allow
Ranger service to installed using custom service user
Repository: incubator-ranger
Updated Branches:
refs/heads/master 35aa706ec -> c22bdecf8
RANGER-673 : Setup changes to allow Ranger service to be installed using custom service user
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/c22bdecf
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/c22bdecf
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/c22bdecf
Branch: refs/heads/master
Commit: c22bdecf8e028ec9e91d948d61d3dbbfbd00935e
Parents: 35aa706
Author: Gautam Borad <gb...@gmail.com>
Authored: Tue Oct 6 17:07:10 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Sat Oct 10 12:02:57 2015 -0400
----------------------------------------------------------------------
agents-common/scripts/enable-agent.sh | 28 +++++++++++++++++++++++++++-
hbase-agent/scripts/install.properties | 13 +++++++++++++
hdfs-agent/scripts/install.properties | 13 +++++++++++++
hive-agent/scripts/install.properties | 13 +++++++++++++
kms/scripts/setup.sh | 7 ++++++-
knox-agent/scripts/install.properties | 14 ++++++++++++++
plugin-kafka/scripts/install.properties | 14 ++++++++++++++
plugin-kms/scripts/enable-kms-plugin.sh | 28 +++++++++++++++++++++++++++-
plugin-solr/scripts/install.properties | 14 ++++++++++++++
plugin-yarn/scripts/install.properties | 13 +++++++++++++
security-admin/scripts/set_globals.sh | 6 ++++++
security-admin/scripts/setup.sh | 11 +++++++++++
storm-agent/scripts/install.properties | 13 +++++++++++++
unixauthservice/scripts/set_globals.sh | 5 +++++
unixauthservice/scripts/setup.py | 20 ++++++++++++++++----
15 files changed, 205 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/agents-common/scripts/enable-agent.sh
----------------------------------------------------------------------
diff --git a/agents-common/scripts/enable-agent.sh b/agents-common/scripts/enable-agent.sh
index 55130a5..f3db125 100755
--- a/agents-common/scripts/enable-agent.sh
+++ b/agents-common/scripts/enable-agent.sh
@@ -23,7 +23,7 @@ function getInstallProperty() {
do
if [ -f "${file}" ]
then
- propertyValue=`grep "^${propertyName}" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'`
+ propertyValue=`grep "^${propertyName}[ \t]*=" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'`
if [ "${propertyValue}" != "" ]
then
break
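Review bot: The `[ \t]*` in the new grep pattern does not match a tab. Inside a bracket expression the backslash is literal, so the class is space, backslash and the letter `t`, and a key such as `CUSTOM_USERt` (constructed example) would also match a lookup for `CUSTOM_USER`. Use a POSIX class and quote the file name: `grep "^${propertyName}[[:space:]]*=" "${file}"`. The awk stage still prints only `$2`, so a value that itself contains `=` is cut at that character. The identical line in plugin-kms/scripts/enable-kms-plugin.sh has the same problem; getInstallProperty starts and ends outside this hunk.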
@@ -123,6 +123,32 @@ JAVA=$JAVA_HOME/bin/java
HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'COMPONENT_INSTALL_DIR_NAME')
+
+CUSTOM_USER=$(getInstallProperty 'CUSTOM_USER')
+CUSTOM_USER=${CUSTOM_USER// }
+
+CUSTOM_GROUP=$(getInstallProperty 'CUSTOM_GROUP')
+CUSTOM_GROUP=${CUSTOM_GROUP// }
+
+
+
+if [ ! -z "${CUSTOM_USER}" ] && [ ! -z "${CUSTOM_GROUP}" ]
+then
+ echo "Custom user and group is available, using custom user and group."
+ CFG_OWNER_INF="${CUSTOM_USER}:${CUSTOM_GROUP}"
+elif [ ! -z "${CUSTOM_USER}" ] && [ -z "${CUSTOM_GROUP}" ]
+then
+ echo "Custom user is available, using custom user and default group."
+ CFG_OWNER_INF="${CUSTOM_USER}:${HCOMPONENT_NAME}"
+elif [ -z "${CUSTOM_USER}" ] && [ ! -z "${CUSTOM_GROUP}" ]
+then
+ echo "Custom group is available, using default user and custom group."
+ CFG_OWNER_INF="${HCOMPONENT_NAME}:${CUSTOM_GROUP}"
+else
+ echo "Custom user and group are not available, using default user and group."
+ CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}"
+fi
+
if [ "${HCOMPONENT_INSTALL_DIR_NAME}" = "" ]
then
HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME}
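Review bot: CFG_OWNER_INF is built from CUSTOM_USER and CUSTOM_GROUP after only spaces are stripped, with no check that the account and group exist or that the values are plain names. CFG_OWNER_INF is presumably handed to chown on the plugin configuration later in the script (not visible in this hunk), so a typo in install.properties would surface only as a late chown failure, or leave files that hold keystore settings with unintended ownership. Fail early on the resolved owner, e.g. `id -u "${CFG_OWNER_INF%%:*}" >/dev/null 2>&1 || { echo "ERROR: owner user does not exist"; exit 1; }`, with a matching `getent group "${CFG_OWNER_INF##*:}"` check. `[ -n "${CUSTOM_USER}" ]` also reads more directly than `[ ! -z "${CUSTOM_USER}" ]`. The parallel unix_user/unix_group block added to plugin-kms/scripts/enable-kms-plugin.sh needs the same check.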
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/hbase-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties
index 5df518a..795ea3e 100644
--- a/hbase-agent/scripts/install.properties
+++ b/hbase-agent/scripts/install.properties
@@ -161,3 +161,16 @@ SSL_TRUSTSTORE_PASSWORD=changeit
# UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false
#
UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=hbase
+
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=hadoop
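Review bot: The added comments name the keys `CUSTOM_COMPONENT_USER` and `CUSTOM_COMPONENT_GROUP`, but the keys set below them, and the ones enable-agent.sh reads in this commit, are `CUSTOM_USER` and `CUSTOM_GROUP`. An operator who follows the comment sets a key that is never read, and the shipped owner stays in effect without any warning. The comment lines should read `# CUSTOM_USER=<custom-user>` and `# CUSTOM_GROUP=<custom-group>`. The text also says to keep the value blank for the default while the file ships `hbase`/`hadoop`, so it should state whether those are the defaults or an override. The same comment block is repeated in the hdfs, hive, knox, kafka, solr, yarn and storm install.properties sections.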
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/hdfs-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties
index fa21949..b4dda13 100644
--- a/hdfs-agent/scripts/install.properties
+++ b/hdfs-agent/scripts/install.properties
@@ -149,3 +149,16 @@ SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=hdfs
+
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=hadoop
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/hive-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties
index 2e41a37..6b71a85 100644
--- a/hive-agent/scripts/install.properties
+++ b/hive-agent/scripts/install.properties
@@ -158,3 +158,16 @@ SSL_TRUSTSTORE_PASSWORD=changeit
# UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false
#
UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=hive
+
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=hadoop
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/kms/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh
index e0c3136..96bf6a0 100755
--- a/kms/scripts/setup.sh
+++ b/kms/scripts/setup.sh
@@ -538,7 +538,9 @@ setup_install_files(){
if [ -d /etc/init.d ]; then
log "[I] Setting up init.d"
cp ${INSTALL_DIR}/${RANGER_KMS}-initd /etc/init.d/${RANGER_KMS}
-
+ if [ "${unix_user}" != "kms" ]; then
+ sed 's/LINUX_USER=kms/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_KMS}
+ fi
chmod ug+rx /etc/init.d/${RANGER_KMS}
if [ -d /etc/rc2.d ]
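Review bot: `${unix_user}` is spliced unquoted into the sed program that rewrites `/etc/init.d/${RANGER_KMS}`, so a value containing `/`, `&` or whitespace alters the sed expression or the command line instead of being treated as an account name. The file being edited is a script that init runs as root. Validate the name before use, for example `case "${unix_user}" in ''|*[!A-Za-z0-9_.-]*) log "[E] invalid unix_user"; exit 1;; esac`, and quote both arguments: `sed -i "s/LINUX_USER=kms/LINUX_USER=${unix_user}/g" "/etc/init.d/${RANGER_KMS}"`. The same substitution is added for `LINUX_USER=ranger` in security-admin/scripts/setup.sh. setup_install_files starts and ends outside this hunk, and where unix_user is read is not visible here.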
@@ -584,6 +586,9 @@ setup_install_files(){
chown -R ${unix_user} ${KMS_DIR}/ews/logs
fi
+ if [ -d ${KMS_DIR}/ews/logs ]; then
+ chown -R ${unix_user} ${KMS_DIR}/ews/logs
+ fi
log "[I] Setting up installation files and directory DONE";
if [ ! -f ${INSTALL_DIR}/rpm ]; then
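Review bot: The added `if [ -d ${KMS_DIR}/ews/logs ]` block leaves `${KMS_DIR}` and `${unix_user}` unquoted, so an empty or space-containing KMS_DIR would make this root-run script test and recursively re-own a different path such as `/ews/logs`. It also appears to make the `chown -R` at the end of the preceding block redundant (only that block's tail is visible), since the new block runs whenever the directory exists. Prefer a single quoted call once the directory is ensured, `chown -R "${unix_user}" "${KMS_DIR}/ews/logs"`. Consider setting the group too, as the set_globals.sh hunks do with `$unix_user:$unix_group`. The same added pattern appears in security-admin/scripts/setup.sh (first and third hunks) and, with unquoted `$unix_user:$unix_group`, in both set_globals.sh files.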
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/knox-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties
index 506c53c..1febd49 100644
--- a/knox-agent/scripts/install.properties
+++ b/knox-agent/scripts/install.properties
@@ -152,3 +152,17 @@ SSL_KEYSTORE_FILE_PATH=/etc/knox/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/knox/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
+
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=knox
+
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=knox
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/plugin-kafka/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-kafka/scripts/install.properties b/plugin-kafka/scripts/install.properties
index bc6481b..79ea6db 100644
--- a/plugin-kafka/scripts/install.properties
+++ b/plugin-kafka/scripts/install.properties
@@ -155,3 +155,17 @@ SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
+
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=kafka
+
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=hadoop
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/plugin-kms/scripts/enable-kms-plugin.sh
----------------------------------------------------------------------
diff --git a/plugin-kms/scripts/enable-kms-plugin.sh b/plugin-kms/scripts/enable-kms-plugin.sh
index 53187f7..468d39e 100755
--- a/plugin-kms/scripts/enable-kms-plugin.sh
+++ b/plugin-kms/scripts/enable-kms-plugin.sh
@@ -23,7 +23,7 @@ function getInstallProperty() {
do
if [ -f "${file}" ]
then
- propertyValue=`grep "^${propertyName}" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'`
+ propertyValue=`grep "^${propertyName}[ \t]*=" ${file} | awk -F= '{ sub("^[ \t]*", "", $2); sub("[ \t]*$", "", $2); print $2 }'`
if [ "${propertyValue}" != "" ]
then
break
@@ -118,6 +118,32 @@ JAVA=$JAVA_HOME/bin/java
HCOMPONENT_INSTALL_DIR_NAME=$(getInstallProperty 'COMPONENT_INSTALL_DIR_NAME')
+unix_user=$(getInstallProperty 'unix_user')
+unix_user=${unix_user// }
+
+unix_group=$(getInstallProperty 'unix_group')
+unix_group=${unix_group// }
+
+
+
+if [ ! -z "${unix_user}" ] && [ ! -z "${unix_group}" ]
+then
+ echo "Custom user and group is available, using custom user and group."
+ CFG_OWNER_INF="${unix_user}:${unix_group}"
+elif [ ! -z "${unix_user}" ] && [ -z "${unix_group}" ]
+then
+ echo "Custom user is available, using custom user and default group."
+ CFG_OWNER_INF="${unix_user}:${HCOMPONENT_NAME}"
+elif [ -z "${unix_user}" ] && [ ! -z "${unix_group}" ]
+then
+ echo "Custom group is available, using default user and custom group."
+ CFG_OWNER_INF="${HCOMPONENT_NAME}:${unix_group}"
+else
+ echo "Custom user and group are not available, using default user and group."
+ CFG_OWNER_INF="${HCOMPONENT_NAME}:${HCOMPONENT_NAME}"
+fi
+
+
if [ "${HCOMPONENT_INSTALL_DIR_NAME}" = "" ]
then
HCOMPONENT_INSTALL_DIR_NAME=${HCOMPONENT_NAME}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/plugin-solr/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties
index 9bc305b..a3d9887 100644
--- a/plugin-solr/scripts/install.properties
+++ b/plugin-solr/scripts/install.properties
@@ -155,3 +155,17 @@ SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
+
+
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=solr
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=solr
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/plugin-yarn/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-yarn/scripts/install.properties b/plugin-yarn/scripts/install.properties
index 01f733d..3780068 100644
--- a/plugin-yarn/scripts/install.properties
+++ b/plugin-yarn/scripts/install.properties
@@ -147,3 +147,16 @@ SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=yarn
+
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=hadoop
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/security-admin/scripts/set_globals.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/set_globals.sh b/security-admin/scripts/set_globals.sh
index 2c00aed..9a4159c 100755
--- a/security-admin/scripts/set_globals.sh
+++ b/security-admin/scripts/set_globals.sh
@@ -91,5 +91,11 @@ if [ ! -d /var/log/ranger/admin ]; then
chmod 755 /var/log/ranger/admin
chown -R $unix_user:$unix_group /var/log/ranger
fi
+
+if [ -d /var/log/ranger/admin ]; then
+ chown -R $unix_user:$unix_group /var/log/ranger/admin
+fi
+
+
mv -f ews/logs ews/webapp/logs.$curDt 2> /dev/null
ln -sf /var/log/ranger/admin ews/logs
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 71c424c..9710706 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -1516,6 +1516,10 @@ setup_install_files(){
chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf
fi
+ if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
+ chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf
+ fi
+
if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then
log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/lib"
mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/lib
@@ -1525,6 +1529,9 @@ setup_install_files(){
if [ -d /etc/init.d ]; then
log "[I] Setting up init.d"
cp ${INSTALL_DIR}/ews/${RANGER_ADMIN_INITD} /etc/init.d/${RANGER_ADMIN}
+ if [ "${unix_user}" != "ranger" ]; then
+ sed 's/LINUX_USER=ranger/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_ADMIN}
+ fi
chmod ug+rx /etc/init.d/${RANGER_ADMIN}
@@ -1571,6 +1578,10 @@ setup_install_files(){
chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs
fi
+ if [ -d ${XAPOLICYMGR_DIR}/ews/logs ]; then
+ chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs
+ fi
+
log "[I] Setting up installation files and directory DONE";
if [ ! -f ${INSTALL_DIR}/rpm ]; then
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/storm-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/install.properties b/storm-agent/scripts/install.properties
index 82f17af..f2aa5c4 100644
--- a/storm-agent/scripts/install.properties
+++ b/storm-agent/scripts/install.properties
@@ -149,3 +149,16 @@ SSL_KEYSTORE_FILE_PATH=/etc/storm/conf/ranger-plugin-keystore.jks
SSL_KEYSTORE_PASSWORD=myKeyFilePassword
SSL_TRUSTSTORE_FILE_PATH=/etc/storm/conf/ranger-plugin-truststore.jks
SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# Custom component user
+# CUSTOM_COMPONENT_USER=<custom-user>
+# keep blank if component user is default
+CUSTOM_USER=storm
+
+
+#
+# Custom component group
+# CUSTOM_COMPONENT_GROUP=<custom-group>
+# keep blank if component group is default
+CUSTOM_GROUP=hadoop
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/unixauthservice/scripts/set_globals.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/set_globals.sh b/unixauthservice/scripts/set_globals.sh
index c77fbf9..c92dfdc 100755
--- a/unixauthservice/scripts/set_globals.sh
+++ b/unixauthservice/scripts/set_globals.sh
@@ -89,5 +89,10 @@ if [ ! -d /var/log/ranger/usersync ]; then
chmod 755 /var/log/ranger/usersync
chown -R $unix_user:$unix_group /var/log/ranger
fi
+
+if [ -d /var/log/ranger/usersync ]; then
+ chown -R $unix_user:$unix_group /var/log/ranger/usersync
+fi
+
mv -f logs logs.$curDt 2> /dev/null
ln -sf /var/log/ranger/usersync logs
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c22bdecf/unixauthservice/scripts/setup.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
index 5ba50d3..31c486e 100755
--- a/unixauthservice/scripts/setup.py
+++ b/unixauthservice/scripts/setup.py
@@ -232,13 +232,25 @@ def createGroup(groupname):
print "ERROR: Unable to create a new group: %s" % (groupname,e)
sys.exit(1)
-def initializeInitD():
+def initializeInitD(ownerName):
if (os.path.isdir(initdDirName)):
fn = join(installPropDirName,initdProgramName)
initdFn = join(initdDirName,initdProgramName)
shutil.copy(fn, initdFn)
- os.chmod(initdFn,0550)
- rcDirList = [ "/etc/rc2.d", "/etc/rc3.d", "/etc/rc.d/rc2.d", "/etc/rc.d/rc3.d" ]
+ if (ownerName != 'ranger'):
+ f = open(initdFn,'r')
+ filedata = f.read()
+ f.close()
+ find_str = "LINUX_USER=ranger"
+ replace_str = "LINUX_USER="+ ownerName
+ newdata = filedata.replace(find_str,replace_str)
+
+ f = open(initdFn,'w')
+ f.write(newdata)
+ f.close()
+
+ os.chmod(initdFn,0550)
+ rcDirList = [ "/etc/rc2.d", "/etc/rc3.d", "/etc/rc.d/rc2.d", "/etc/rc.d/rc3.d" ]
for rcDir in rcDirList:
if (os.path.isdir(rcDir)):
for prefix in initPrefixList:
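Review bot: In the new `if (ownerName != 'ranger'):` branch, ownerName is written verbatim into the init.d script with no check that it is a plain account name. That script is run as root, so a value containing whitespace, quotes or a newline would become shell syntax rather than the value of `LINUX_USER`. Reject such names before the replacement, e.g. `if not re.match(r'^[A-Za-z_][A-Za-z0-9_.-]*$', ownerName): sys.exit(1)` with an error message (assuming `re` is imported in this file, which the hunk does not show). The two open/close pairs are better written as `with open(initdFn) as f:` so the handle is closed if the read or write raises. A short docstring on initializeInitD stating that ownerName replaces the default `LINUX_USER=ranger` in the copied script would also help; the function continues past the end of this hunk.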
@@ -365,7 +377,7 @@ def main():
os.chown(pidFolderName,ownerId,groupId)
os.chown(rangerBaseDirName,ownerId,groupId)
- initializeInitD()
+ initializeInitD(ownerName)
#
# Add password to crypt path