Repository: ambari Updated Branches: refs/heads/trunk 46b23d40b -> 4cbf3a876
http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py index 28fabe5..9acf8f8 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params.py @@ -148,14 +148,26 @@ if security_enabled: # ranger host ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", []) +user_input = default("/configurations/ranger-knox-plugin-properties/ranger-knox-plugin-enabled", "no") has_ranger_admin = not len(ranger_admin_hosts) == 0 if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0: - # Setting Flag value for ranger hbase plugin + # Setting Flag value for ranger hbase plugin + enable_ranger_knox = False + user_input = config['configurations']['ranger-knox-plugin-properties']['ranger-knox-plugin-enabled'] + if user_input.lower() == 'yes': + enable_ranger_knox = True + elif user_input.lower() == 'no': enable_ranger_knox = False - user_input = config['configurations']['ranger-knox-plugin-properties']['ranger-knox-plugin-enabled'] - if user_input.lower() == 'yes': - enable_ranger_knox = True - elif user_input.lower() == 'no': - enable_ranger_knox = False + +ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0] + +jdk_location = config['hostLevelParams']['jdk_location'] +java_share_dir = '/usr/share/java' +jdbc_jar_name = "mysql-connector-java.jar" + +downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") + +driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") +driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}") \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py index 76185a8..847f2dd 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py @@ -8,7 +8,7 @@ to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, @@ -22,162 +22,184 @@ import fileinput import subprocess import json import re +import os from resource_management import * from resource_management.libraries.functions.ranger_functions import Rangeradmin from resource_management.core.logger import Logger def setup_ranger_knox(env): - import params - env.set_params(params) - - if params.has_ranger_admin: - try: - command = 'hdp-select status knox-server' - return_code, hdp_output = shell.call(command, timeout=20) - except Exception, e: - Logger.error(str(e)) - raise Fail('Unable to execute hdp-select command to retrieve the version.') - - if return_code != 0: - raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code))) - - hdp_version = re.sub('knox-server - ', '', hdp_output) - match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version) - - if match is None: - raise Fail('Failed to get extracted version') - - file_path = '/usr/hdp/'+ hdp_version +'/ranger-knox-plugin/install.properties' - - ranger_knox_dict = ranger_knox_properties(params) - knox_repo_data = knox_repo_properties(params) - - write_properties_to_file(file_path, ranger_knox_dict) - - if params.enable_ranger_knox: - cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh enable-knox-plugin.sh') - ranger_adm_obj = Rangeradmin(url=ranger_knox_dict['POLICY_MGR_URL']) - response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_knox_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test') - - if response_code is not None and response_code == 200: - repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_knox_dict['REPOSITORY_NAME'], 'knox', 'true', 'admin:admin') - - if repo and repo['name'] == ranger_knox_dict['REPOSITORY_NAME']: - Logger.info('Knox Repository exist') - else: - response = ranger_adm_obj.create_repository_urllib2(knox_repo_data, 'admin:admin') - if response is not None: - Logger.info('Knox Repository created in Ranger Admin') - else: - Logger.info('Knox Repository creation failed in Ranger Admin') + import params + env.set_params(params) + + if params.has_ranger_admin: + + environment = {"no_proxy": format("{params.ambari_server_hostname}")} + + Execute(('curl', '-kf', '-x', "", '--retry', '10', params.driver_curl_source, '-o', + params.downloaded_custom_connector), + not_if=format("test -f {params.downloaded_custom_connector}"), + path=["/bin", "/usr/bin/"], + environment=environment, + sudo=True) + + if not os.path.isfile(params.driver_curl_target): + Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target), + path=["/bin", "/usr/bin/"], + sudo=True) + + try: + command = 'hdp-select status knox-server' + return_code, hdp_output = shell.call(command, timeout=20) + except Exception, e: + Logger.error(str(e)) + raise Fail('Unable to execute hdp-select command to retrieve the version.') + + if return_code != 0: + raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code))) + + hdp_version = re.sub('knox-server - ', '', hdp_output) + match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version) + + if match is None: + raise Fail('Failed to get extracted version') + + file_path = '/usr/hdp/'+ hdp_version +'/ranger-knox-plugin/install.properties' + + ranger_knox_dict = ranger_knox_properties(params) + knox_repo_data = knox_repo_properties(params) + + write_properties_to_file(file_path, ranger_knox_dict) + + if params.enable_ranger_knox: + cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh enable-knox-plugin.sh') + ranger_adm_obj = Rangeradmin(url=ranger_knox_dict['POLICY_MGR_URL']) + response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_knox_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test') + + if response_code is not None and response_code == 200: + ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username'] + ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password'] + ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin') + ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password + if ambari_ranger_admin != '' and ambari_ranger_password != '': + repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_knox_dict['REPOSITORY_NAME'], 'knox', 'true', ambari_username_password_for_ranger) + if repo and repo['name'] == ranger_knox_dict['REPOSITORY_NAME']: + Logger.info('Knox Repository exist') + else: + response = ranger_adm_obj.create_repository_urllib2(knox_repo_data, ambari_username_password_for_ranger) + if response is not None: + Logger.info('Knox Repository created in Ranger Admin') else: - Logger.info('Ranger service is not started on given host') + Logger.info('Knox Repository creation failed in Ranger Admin') else: - cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh disable-knox-plugin.sh') - - Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True) + Logger.info('Ambari admin username and password are blank ') + else: + Logger.info('Ranger service is not started on given host') else: - Logger.info('Ranger admin not installed') + cmd = format('cd /usr/hdp/{hdp_version}/ranger-knox-plugin/ && sh disable-knox-plugin.sh') + + Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True) + else: + Logger.info('Ranger admin not installed') def write_properties_to_file(file_path, value): - for key in value: - modify_config(file_path, key, value[key]) + for key in value: + modify_config(file_path, key, value[key]) def modify_config(filepath, variable, setting): - var_found = False - already_set = False - V=str(variable) - S=str(setting) - # use quotes if setting has spaces # - if ' ' in S: - S = '%s' % S - - for line in fileinput.input(filepath, inplace = 1): - # process lines that look like config settings # - if not line.lstrip(' ').startswith('#') and '=' in line: - _infile_var = str(line.split('=')[0].rstrip(' ')) - _infile_set = str(line.split('=')[1].lstrip(' ').rstrip()) - # only change the first matching occurrence # - if var_found == False and _infile_var.rstrip(' ') == V: - var_found = True - # don't change it if it is already set # - if _infile_set.lstrip(' ') == S: - already_set = True - else: - line = "%s=%s\n" % (V, S) - - sys.stdout.write(line) - - # Append the variable if it wasn't found # - if not var_found: - with open(filepath, "a") as f: - f.write("%s=%s\n" % (V, S)) - elif already_set == True: - pass - else: - pass + var_found = False + already_set = False + V=str(variable) + S=str(setting) + # use quotes if setting has spaces # + if ' ' in S: + S = '%s' % S + + for line in fileinput.input(filepath, inplace = 1): + # process lines that look like config settings # + if not line.lstrip(' ').startswith('#') and '=' in line: + _infile_var = str(line.split('=')[0].rstrip(' ')) + _infile_set = str(line.split('=')[1].lstrip(' ').rstrip()) + # only change the first matching occurrence # + if var_found == False and _infile_var.rstrip(' ') == V: + var_found = True + # don't change it if it is already set # + if _infile_set.lstrip(' ') == S: + already_set = True + else: + line = "%s=%s\n" % (V, S) + + sys.stdout.write(line) + + # Append the variable if it wasn't found # + if not var_found: + with open(filepath, "a") as f: + f.write("%s=%s\n" % (V, S)) + elif already_set == True: + pass + else: + pass - return + return def ranger_knox_properties(params): - ranger_knox_properties = dict() - - ranger_knox_properties['POLICY_MGR_URL'] = params.config['configurations']['admin-properties']['policymgr_external_url'] - ranger_knox_properties['SQL_CONNECTOR_JAR'] = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR'] - ranger_knox_properties['XAAUDIT.DB.FLAVOUR'] = params.config['configurations']['admin-properties']['DB_FLAVOR'] - ranger_knox_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name'] - ranger_knox_properties['XAAUDIT.DB.USER_NAME'] = params.config['configurations']['admin-properties']['audit_db_user'] - ranger_knox_properties['XAAUDIT.DB.PASSWORD'] = params.config['configurations']['admin-properties']['audit_db_password'] - ranger_knox_properties['XAAUDIT.DB.HOSTNAME'] = params.config['configurations']['admin-properties']['db_host'] - ranger_knox_properties['REPOSITORY_NAME'] = params.config['clusterName'] + '_knox' - - ranger_knox_properties['KNOX_HOME'] = params.config['configurations']['ranger-knox-plugin-properties']['KNOX_HOME'] - - ranger_knox_properties['XAAUDIT.DB.IS_ENABLED'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.DB.IS_ENABLED'] - - ranger_knox_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED'] - ranger_knox_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] - ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] - ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] - ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE'] - ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] - ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] - ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] - ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] - ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] - ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] - ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] - - - ranger_knox_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_FILE_PATH'] - ranger_knox_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_PASSWORD'] - ranger_knox_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH'] - ranger_knox_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_PASSWORD'] - - - return ranger_knox_properties + ranger_knox_properties = dict() + + ranger_knox_properties['POLICY_MGR_URL'] = params.config['configurations']['admin-properties']['policymgr_external_url'] + ranger_knox_properties['SQL_CONNECTOR_JAR'] = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR'] + ranger_knox_properties['XAAUDIT.DB.FLAVOUR'] = params.config['configurations']['admin-properties']['DB_FLAVOR'] + ranger_knox_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name'] + ranger_knox_properties['XAAUDIT.DB.USER_NAME'] = params.config['configurations']['admin-properties']['audit_db_user'] + ranger_knox_properties['XAAUDIT.DB.PASSWORD'] = params.config['configurations']['admin-properties']['audit_db_password'] + ranger_knox_properties['XAAUDIT.DB.HOSTNAME'] = params.config['configurations']['admin-properties']['db_host'] + ranger_knox_properties['REPOSITORY_NAME'] = str(params.config['clusterName']) + '_knox' + + ranger_knox_properties['KNOX_HOME'] = params.config['configurations']['ranger-knox-plugin-properties']['KNOX_HOME'] + + ranger_knox_properties['XAAUDIT.DB.IS_ENABLED'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.DB.IS_ENABLED'] + + ranger_knox_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED'] + ranger_knox_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] + ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] + ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] + ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE'] + ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] + ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] + ranger_knox_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] + ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] + ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] + ranger_knox_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] + ranger_knox_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-knox-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] + + + ranger_knox_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_FILE_PATH'] + ranger_knox_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_KEYSTORE_PASSWORD'] + ranger_knox_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH'] + ranger_knox_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-knox-plugin-properties']['SSL_TRUSTSTORE_PASSWORD'] + + + return ranger_knox_properties def knox_repo_properties(params): - knoxHost = params.config['clusterHostInfo']['knox_gateway_hosts'][0] - knoxPort = params.config['configurations']['gateway-site']['gateway.port'] + knoxHost = params.config['clusterHostInfo']['knox_gateway_hosts'][0] + knoxPort = params.config['configurations']['gateway-site']['gateway.port'] - config_dict = dict() - config_dict['username'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME'] - config_dict['password'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME'] - config_dict['knox.url'] = 'https://' + knoxHost + ':' + str(knoxPort) +'/gateway/admin/api/v1/topologies' - config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-knox-plugin-properties']['common.name.for.certificate'] + config_dict = dict() + config_dict['username'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME'] + config_dict['password'] = params.config['configurations']['ranger-knox-plugin-properties']['REPOSITORY_CONFIG_USERNAME'] + config_dict['knox.url'] = 'https://' + knoxHost + ':' + str(knoxPort) +'/gateway/admin/api/v1/topologies' + config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-knox-plugin-properties']['common.name.for.certificate'] - repo= dict() - repo['isActive'] = "true" - repo['config'] = json.dumps(config_dict) - repo['description'] = "knox repo" - repo['name'] = params.config['clusterName'] + "_knox" - repo['repositoryType'] = "Knox" - repo['assetType'] = '5' + repo= dict() + repo['isActive'] = "true" + repo['config'] = json.dumps(config_dict) + repo['description'] = "knox repo" + repo['name'] = str(params.config['clusterName']) + "_knox" + repo['repositoryType'] = "Knox" + repo['assetType'] = '5' - data = json.dumps(repo) + data = json.dumps(repo) - return data + return data http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml index fbe5d64..90ad661 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-env.xml @@ -44,6 +44,20 @@ <name>ranger_usersync_log_dir</name> <value>/var/log/ranger/usersync</value> <description></description> - </property> + </property> + + <property> + <name>ranger_admin_username</name> + <value>amb_ranger_admin</value> + <property-type>TEXT</property-type> + <description></description> + </property> + + <property> + <name>ranger_admin_password</name> + <value>ambari123</value> + <property-type>PASSWORD</property-type> + <description></description> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml new file mode 100644 index 0000000..c17e95a --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false"> + + <property> + <name>HTTP_SERVICE_PORT</name> + <value>6080</value> + <description>The http port to be used</description> + </property> + + <property> + <name>HTTPS_SERVICE_PORT</name> + <value>6182</value> + <description>The secured https port to be used</description> + </property> + + <property> + <name>HTTPS_KEYSTORE_FILE</name> + <value>/etc/ranger/admin/keys/server.jks</value> + <description>The keystore file location</description> + </property> + + <property> + <name>HTTPS_KEYSTORE_PASS</name> + <value>ranger</value> + <description>The keystore pass to be used </description> + </property> + + <property> + <name>HTTPS_KEY_ALIAS</name> + <value>myKey</value> + <description>The key alias to be used </description> + </property> + + <property> + <name>HTTPS_CLIENT_AUTH</name> + <value>want</value> + <description>The client auth to be used </description> + </property> + + <property> + <name>HTTP_ENABLED</name> + <value>true</value> + <description>http enabled or https enabled </description> + </property> + + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml index db6544b..a0f4e93 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/metainfo.xml @@ -70,6 +70,7 @@ <configuration-dependencies> <config-type>admin-properties</config-type> + <config-type>ranger-site</config-type> <config-type>usersync-properties</config-type> </configuration-dependencies> http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py index 2deac53..fcdddd1 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py @@ -30,6 +30,7 @@ stack_is_hdp22_or_further = hdp_stack_version != "" and compare_versions(hdp_sta if stack_is_hdp22_or_further: ranger_home = '/usr/hdp/current/ranger-admin' + ranger_conf = '/etc/ranger/admin/conf' ranger_stop = '/usr/bin/ranger-admin-stop' ranger_start = '/usr/bin/ranger-admin-start' usersync_home = '/usr/hdp/current/ranger-usersync' @@ -41,3 +42,14 @@ else: java_home = config['hostLevelParams']['java_home'] unix_user = default("/configurations/ranger-env/ranger_user", "ranger") unix_group = default("/configurations/ranger-env/ranger_group", "ranger") + +ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0] + +jdk_location = config['hostLevelParams']['jdk_location'] +java_share_dir = '/usr/share/java' +jdbc_jar_name = "mysql-connector-java.jar" + +downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") + +driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") +driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}") \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py index 36a5759..dbe43c0 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py @@ -25,33 +25,37 @@ from resource_management.core.logger import Logger from resource_management.core import shell from setup_ranger import setup_ranger + class RangerAdmin(Script): - def install(self, env): - self.install_packages(env) - setup_ranger(env) - - def stop(self, env): - import params - env.set_params(params) - Execute(format('{params.ranger_stop}')) - - def start(self, env): - import params - setup_ranger(env) - Execute(format('{params.ranger_start}')) - - def status(self, env): - cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep' - code, output = shell.call(cmd, timeout=20) - - if code != 0: - Logger.debug('Ranger admin process not running') - raise ComponentIsNotRunning() - pass - - def configure(self, env): - import params - env.set_params(params) + def install(self, env): + self.install_packages(env) + setup_ranger(env) + + def stop(self, env): + import params + + env.set_params(params) + Execute(format('{params.ranger_stop}')) + + def start(self, env): + import params + + setup_ranger(env) + Execute(format('{params.ranger_start}')) + + def status(self, env): + cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep' + code, output = shell.call(cmd, timeout=20) + + if code != 0: + Logger.debug('Ranger admin process not running') + raise ComponentIsNotRunning() + pass + + def configure(self, env): + import params + + env.set_params(params) if __name__ == "__main__": http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py index e474092..649d28c 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py @@ -24,32 +24,36 @@ from resource_management.core.logger import Logger from resource_management.core import shell from setup_ranger import setup_usersync + class RangerUsersync(Script): - def install(self, env): - self.install_packages(env) - setup_usersync(env) - - def stop(self, env): - import params - Execute(format('{params.usersync_stop}')) - - def start(self, env): - import params - setup_usersync(env) - Execute(format('{params.usersync_start}')) - - def status(self, env): - cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep' - code, output = shell.call(cmd, timeout=20) - - if code != 0: - Logger.debug('Ranger usersync process not running') - raise ComponentIsNotRunning() - pass - - def configure(self, env): - import params - env.set_params(params) + def install(self, env): + self.install_packages(env) + setup_usersync(env) + + def stop(self, env): + import params + + Execute(format('{params.usersync_stop}')) + + def start(self, env): + import params + + setup_usersync(env) + Execute(format('{params.usersync_start}')) + + def status(self, env): + cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep' + code, output = shell.call(cmd, timeout=20) + + if code != 0: + Logger.debug('Ranger usersync process not running') + raise ComponentIsNotRunning() + pass + + def configure(self, env): + import params + + env.set_params(params) if __name__ == "__main__": http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py index 51bbf52..69f955f 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/service_check.py @@ -23,10 +23,11 @@ from resource_management import * class RangerServiceCheck(Script): def service_check(self, env): import params + env.set_params(params) self.check_ranger_admin_service() self.check_ranger_usersync_service() - + def check_ranger_admin_service(self): cmd = 'ps -ef | grep proc_rangeradmin | grep -v grep' code, output = shell.call(cmd, timeout=20) @@ -35,6 +36,7 @@ class RangerServiceCheck(Script): else: Logger.debug('Ranger admin process not running') raise ComponentIsNotRunning() + pass @@ -46,6 +48,7 @@ class RangerServiceCheck(Script): else: Logger.debug('Ranger usersync process not running') raise ComponentIsNotRunning() + pass http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py index 81e3f2e..7e7a119 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py @@ -25,129 +25,188 @@ import os from resource_management import * from resource_management.core.logger import Logger + def setup_ranger(env): - import params - env.set_params(params) + import params + + env.set_params(params) + + if check_db_connnection(env): + + environment = {"no_proxy": format("{params.ambari_server_hostname}")} + + Execute(('curl', '-kf', '-x', "", '--retry', '10', params.driver_curl_source, '-o', + params.downloaded_custom_connector), + not_if=format("test -f {params.downloaded_custom_connector}"), + path=["/bin", "/usr/bin/"], + environment=environment, + sudo=True) + + if not os.path.isfile(params.driver_curl_target): + Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target), + path=["/bin", "/usr/bin/"], + sudo=True) + + file_path = params.ranger_home + '/install.properties' + + if os.path.isfile(file_path): + shutil.copyfile(file_path, params.ranger_home + '/install-bk.properties') + else: + raise Fail('Ranger admin install.properties file doesnot exist') + + write_properties_to_file(file_path, params.config['configurations']['admin-properties']) + + cmd = format('cd {ranger_home} && {ranger_home}/setup.sh') + + try: + opt = Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True) + except Exception, e: + if os.path.isfile(params.ranger_home + '/install-bk.properties'): + os.remove(file_path) + os.rename(params.ranger_home + '/install-bk.properties', file_path) + raise Fail('Ranger installation Failed, {0}'.format(str(e))) + + do_post_installation(env) + + if os.path.isfile(params.ranger_home + '/install-bk.properties'): + os.remove(file_path) + os.rename(params.ranger_home + '/install-bk.properties', file_path) + else: + raise Fail('Ranger admin install.properties backup file doesnot exist') + + +def do_post_installation(env): + import params + + env.set_params(params) + Logger.info('Performing Ranger post installation..') + + file_path = params.ranger_conf + '/ranger_webserver.properties' + d = dict() + d['http.service.port'] = params.config['configurations']['ranger-site']['HTTP_SERVICE_PORT'] + d['https.service.port'] = params.config['configurations']['ranger-site']['HTTPS_SERVICE_PORT'] + d['https.attrib.keystoreFile'] = params.config['configurations']['ranger-site']['HTTPS_KEYSTORE_FILE'] + d['https.attrib.keystorePass'] = params.config['configurations']['ranger-site']['HTTPS_KEYSTORE_PASS'] + d['https.attrib.keyAlias'] = params.config['configurations']['ranger-site']['HTTPS_KEY_ALIAS'] + d['https.attrib.clientAuth'] = params.config['configurations']['ranger-site']['HTTPS_CLIENT_AUTH'] + write_properties_to_file(file_path, d) + + d.clear(); + + file_path = params.ranger_conf + '/xa_system.properties' + d['http.enabled'] = params.config['configurations']['ranger-site']['HTTP_ENABLED'] + write_properties_to_file(file_path, d) + Logger.info('Performing Ranger post installation..DONE') - if check_db_connnection(env): - file_path = params.ranger_home + '/install.properties' - if os.path.isfile(file_path): - shutil.copyfile(file_path, params.ranger_home + '/install-bk.properties') - else: - raise Fail('Ranger admin install.properties file doesnot exist') - - write_properties_to_file(file_path, params.config['configurations']['admin-properties']) - - cmd = format('cd {ranger_home} && {ranger_home}/setup.sh') - - try: - opt = Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True) - except Exception, e: - if os.path.isfile(params.ranger_home + '/install-bk.properties'): - os.remove(file_path) - os.rename(params.ranger_home + '/install-bk.properties', file_path) - raise Fail('Ranger installation Failed, {0}'.format(str(e))) - - if os.path.isfile(params.ranger_home + '/install-bk.properties'): - os.remove(file_path) - os.rename(params.ranger_home + '/install-bk.properties', file_path) - else: - raise Fail('Ranger admin install.properties backup file doesnot exist') - def setup_usersync(env): - import params - env.set_params(params) + import params + + env.set_params(params) + + file_path = params.usersync_home + '/install.properties' + write_properties_to_file(file_path, usersync_properties(params)) + + cmd = format('cd {usersync_home} && {usersync_home}/setup.sh') + Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True) - file_path = params.usersync_home + '/install.properties' - write_properties_to_file(file_path, usersync_properties(params)) - - cmd = format('cd {usersync_home} && {usersync_home}/setup.sh') - Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True) def write_properties_to_file(file_path, value): - for key in value: - modify_config(file_path, key, value[key]) + for key in value: + modify_config(file_path, key, value[key]) + def modify_config(filepath, variable, setting): - var_found = False - already_set = False - V=str(variable) - S=str(setting) - - if ' ' in S: - S = '%s' % S - - for line in fileinput.input(filepath, inplace = 1): - if not line.lstrip(' ').startswith('#') and '=' in line: - _infile_var = str(line.split('=')[0].rstrip(' ')) - _infile_set = str(line.split('=')[1].lstrip(' ').rstrip()) - if var_found == False and _infile_var.rstrip(' ') == V: - var_found = True - if _infile_set.lstrip(' ') == S: - already_set = True - else: - line = "%s=%s\n" % (V, S) - - sys.stdout.write(line) - - if not var_found: - with open(filepath, "a") as f: - f.write("%s=%s\n" % (V, S)) - elif already_set == True: - pass - else: - pass + var_found = False + already_set = False + V = str(variable) + S = str(setting) + + if ' ' in S: + S = '%s' % S + + for line in fileinput.input(filepath, inplace=1): + if not line.lstrip(' ').startswith('#') and '=' in line: + _infile_var = str(line.split('=')[0].rstrip(' ')) + _infile_set = str(line.split('=')[1].lstrip(' ').rstrip()) + if var_found == False and _infile_var.rstrip(' ') == V: + var_found = True + if _infile_set.lstrip(' ') == S: + already_set = True + else: + line = "%s=%s\n" % (V, S) + + sys.stdout.write(line) + + if not var_found: + with open(filepath, "a") as f: + f.write("%s=%s\n" % (V, S)) + elif already_set == True: + pass + else: + pass + + return - return def usersync_properties(params): - d = dict() - - d['POLICY_MGR_URL'] = params.config['configurations']['admin-properties']['policymgr_external_url'] - - d['SYNC_SOURCE'] = params.config['configurations']['usersync-properties']['SYNC_SOURCE'] - d['MIN_UNIX_USER_ID_TO_SYNC'] = params.config['configurations']['usersync-properties']['MIN_UNIX_USER_ID_TO_SYNC'] - d['SYNC_INTERVAL'] = params.config['configurations']['usersync-properties']['SYNC_INTERVAL'] - d['SYNC_LDAP_URL'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_URL'] - d['SYNC_LDAP_BIND_DN'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_DN'] - d['SYNC_LDAP_BIND_PASSWORD'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_PASSWORD'] - d['CRED_KEYSTORE_FILENAME'] = params.config['configurations']['usersync-properties']['CRED_KEYSTORE_FILENAME'] - d['SYNC_LDAP_USER_SEARCH_BASE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_SEARCH_BASE'] - d['SYNC_LDAP_USER_SEARCH_SCOPE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_SEARCH_SCOPE'] - d['SYNC_LDAP_USER_OBJECT_CLASS'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_OBJECT_CLASS'] - d['SYNC_LDAP_USER_SEARCH_FILTER'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_SEARCH_FILTER'] - d['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_NAME_ATTRIBUTE'] - d['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] - d['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USERNAME_CASE_CONVERSION'] - d['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] - d['logdir'] = params.config['configurations']['usersync-properties']['logdir'] - - return d + d = dict() + + d['POLICY_MGR_URL'] = params.config['configurations']['admin-properties']['policymgr_external_url'] + + d['SYNC_SOURCE'] = params.config['configurations']['usersync-properties']['SYNC_SOURCE'] + d['MIN_UNIX_USER_ID_TO_SYNC'] = params.config['configurations']['usersync-properties']['MIN_UNIX_USER_ID_TO_SYNC'] + d['SYNC_INTERVAL'] = params.config['configurations']['usersync-properties']['SYNC_INTERVAL'] + d['SYNC_LDAP_URL'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_URL'] + d['SYNC_LDAP_BIND_DN'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_DN'] + d['SYNC_LDAP_BIND_PASSWORD'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_BIND_PASSWORD'] + d['CRED_KEYSTORE_FILENAME'] = params.config['configurations']['usersync-properties']['CRED_KEYSTORE_FILENAME'] + d['SYNC_LDAP_USER_SEARCH_BASE'] = params.config['configurations']['usersync-properties']['SYNC_LDAP_USER_SEARCH_BASE'] + d['SYNC_LDAP_USER_SEARCH_SCOPE'] = params.config['configurations']['usersync-properties'][ + 'SYNC_LDAP_USER_SEARCH_SCOPE'] + d['SYNC_LDAP_USER_OBJECT_CLASS'] = params.config['configurations']['usersync-properties'][ + 'SYNC_LDAP_USER_OBJECT_CLASS'] + d['SYNC_LDAP_USER_SEARCH_FILTER'] = params.config['configurations']['usersync-properties'][ + 'SYNC_LDAP_USER_SEARCH_FILTER'] + d['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties'][ + 'SYNC_LDAP_USER_NAME_ATTRIBUTE'] + d['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = params.config['configurations']['usersync-properties'][ + 'SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] + d['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties'][ + 'SYNC_LDAP_USERNAME_CASE_CONVERSION'] + d['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = params.config['configurations']['usersync-properties'][ + 'SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] + d['logdir'] = params.config['configurations']['usersync-properties']['logdir'] + + return d + def check_db_connnection(env): - import params - env.set_params(params) - - db_root_password = params.config['configurations']['admin-properties']["db_root_password"] - db_root_user = params.config['configurations']['admin-properties']["db_root_user"] - db_host = params.config['configurations']['admin-properties']['db_host'] - sql_command_invoker = params.config['configurations']['admin-properties']['SQL_COMMAND_INVOKER'] - - Logger.info('Checking MYSQL root password') - - cmd_str = "\""+sql_command_invoker+"\""+" -u "+db_root_user+" --password="+db_root_password+" -h "+db_host+" -s -e \"select version();\"" - status, output = get_status_output(cmd_str) - - if status == 0: - Logger.info('Checking MYSQL root password DONE') - return True - else: - Logger.info('Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host and DB server running on DB Host') - sys.exit(1) + import params + + env.set_params(params) + + db_root_password = params.config['configurations']['admin-properties']["db_root_password"] + db_root_user = params.config['configurations']['admin-properties']["db_root_user"] + db_host = params.config['configurations']['admin-properties']['db_host'] + sql_command_invoker = params.config['configurations']['admin-properties']['SQL_COMMAND_INVOKER'] + + Logger.info('Checking MYSQL root password') + + cmd_str = "\"" + sql_command_invoker + "\"" + " -u " + db_root_user + " --password=" + db_root_password + " -h " + db_host + " -s -e \"select version();\"" + status, output = get_status_output(cmd_str) + + if status == 0: + Logger.info('Checking MYSQL root password DONE') + return True + else: + Logger.info( + 'Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host and DB server running on DB Host') + sys.exit(1) + def get_status_output(cmd): - import subprocess + import subprocess - ret = subprocess.call(cmd, shell=True) - return ret, ret + ret = subprocess.call(cmd, shell=True) + return ret, ret http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml index 4cf3aa4..6773ba1 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/metainfo.xml @@ -120,6 +120,7 @@ <configuration-dependencies> <config-type>storm-site</config-type> <config-type>storm-env</config-type> + <config-type>ranger-storm-plugin-properties</config-type> </configuration-dependencies> </service> </services> http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py index 856ca54..3ad0914 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py @@ -30,6 +30,7 @@ from service import service from resource_management.libraries.functions.security_commons import build_expectations, \ cached_kinit_executor, get_params_from_filesystem, validate_security_config_properties, \ FILE_TYPE_JAAS_CONF +from setup_ranger_storm import setup_ranger_storm class Nimbus(Script): @@ -57,7 +58,7 @@ class Nimbus(Script): import params env.set_params(params) self.configure(env) - + setup_ranger_storm(env) service("nimbus", action="start") def stop(self, env, rolling_restart=False): http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py index 952a386..b6a332e 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py @@ -26,6 +26,7 @@ import status_params # server configurations config = Script.get_config() +tmp_dir = Script.get_tmp_dir() stack_name = default("/hostLevelParams/stack_name", None) @@ -94,3 +95,28 @@ ams_collector_hosts = default("/clusterHostInfo/metric_collector_hosts", []) has_metric_collector = not len(ams_collector_hosts) == 0 if has_metric_collector: metric_collector_host = ams_collector_hosts[0] + +# ranger host +ranger_admin_hosts = default("/clusterHostInfo/ranger_admin_hosts", []) +has_ranger_admin = not len(ranger_admin_hosts) == 0 +user_input = default("/configurations/ranger-storm-plugin-properties/ranger-storm-plugin-enabled", "no") + +if hdp_stack_version != "" and compare_versions(hdp_stack_version, '2.2') >= 0: + # setting flag value for ranger hive plugin + enable_ranger_storm = False + user_input = config['configurations']['ranger-storm-plugin-properties']['ranger-storm-plugin-enabled'] + if user_input.lower() == 'yes': + enable_ranger_storm = True + elif user_input.lower() == 'no': + enable_ranger_storm = False + +ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0] + +jdk_location = config['hostLevelParams']['jdk_location'] +java_share_dir = '/usr/share/java' +jdbc_jar_name = "mysql-connector-java.jar" + +downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") + +driver_curl_source = format("{jdk_location}/{jdbc_jar_name}") +driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}") \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py new file mode 100644 index 0000000..ba348fe --- /dev/null +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py @@ -0,0 +1,206 @@ +#!/usr/bin/env python +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +""" + +import sys +import fileinput +import subprocess +import json +import re +import os +from resource_management import * +from resource_management.core.logger import Logger +from resource_management.libraries.functions.ranger_functions import Rangeradmin + +def setup_ranger_storm(env): + import params + env.set_params(params) + + if params.has_ranger_admin and params.security_enabled: + + environment = {"no_proxy": format("{params.ambari_server_hostname}")} + + Execute(('curl', '-kf', '-x', "", '--retry', '10', params.driver_curl_source, '-o', + params.downloaded_custom_connector), + not_if=format("test -f {params.downloaded_custom_connector}"), + path=["/bin", "/usr/bin/"], + environment=environment, + sudo=True) + + if not os.path.isfile(params.driver_curl_target): + Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target), + path=["/bin", "/usr/bin/"], + sudo=True) + + try: + command = 'hdp-select status storm-nimbus' + return_code, hdp_output = shell.call(command) + except Exception, e: + Logger.error(str(e)) + raise Fail('Unable to execute hdp-select command to retrieve the version.') + + if return_code != 0: + raise Fail('Unable to determine the current version because of a non-zero return code of {0}'.format(str(return_code))) + + cmd_split = hdp_output.strip().split( ) + hdp_version = cmd_split[2] + + match = re.match('[0-9]+.[0-9]+.[0-9]+.[0-9]+-[0-9]+', hdp_version) + + if match is None: + raise Fail('Failed to get extracted version') + + file_path = '/usr/hdp/'+ hdp_version +'/ranger-storm-plugin/install.properties' + + ranger_storm_dict = ranger_storm_properties(params) + storm_repo_data = storm_repo_properties(params) + + write_properties_to_file(file_path, ranger_storm_dict) + + if params.enable_ranger_storm: + cmd = format('cd /usr/hdp/{hdp_version}/ranger-storm-plugin/ && sh enable-storm-plugin.sh') + ranger_adm_obj = Rangeradmin(url=ranger_storm_dict['POLICY_MGR_URL']) + response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(ranger_storm_dict['POLICY_MGR_URL'] + '/login.jsp', 'test:test') + + if response_code is not None and response_code == 200: + ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username'] + ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password'] + ambari_ranger_admin,ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(ambari_ranger_admin, ambari_ranger_password, 'admin:admin') + ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password + if ambari_ranger_admin != '' and ambari_ranger_password != '': + repo = ranger_adm_obj.get_repository_by_name_urllib2(ranger_storm_dict['REPOSITORY_NAME'], 'storm', 'true', ambari_username_password_for_ranger) + if repo and repo['name'] == ranger_storm_dict['REPOSITORY_NAME']: + Logger.info('STORM Repository exist') + else: + response = ranger_adm_obj.create_repository_urllib2(storm_repo_data, ambari_username_password_for_ranger) + if response is not None: + Logger.info('STORM Repository created in Ranger Admin') + else: + Logger.info('STORM Repository creation failed in Ranger Admin') + else: + Logger.info('Ambari admin username and password are blank ') + else: + Logger.info('Ranger service is not started on given host') + else: + cmd = format('cd /usr/hdp/{hdp_version}/ranger-storm-plugin/ && sh disable-storm-plugin.sh') + + Execute(cmd, environment={'JAVA_HOME': params.java64_home}, logoutput=True) + else: + Logger.info('Ranger admin not installed or security is not enabled') + + +def write_properties_to_file(file_path, value): + for key in value: + modify_config(file_path, key, value[key]) + + +def modify_config(filepath, variable, setting): + var_found = False + already_set = False + V=str(variable) + S=str(setting) + # use quotes if setting has spaces # + if ' ' in S: + S = '%s' % S + + for line in fileinput.input(filepath, inplace = 1): + # process lines that look like config settings # + if not line.lstrip(' ').startswith('#') and '=' in line: + _infile_var = str(line.split('=')[0].rstrip(' ')) + _infile_set = str(line.split('=')[1].lstrip(' ').rstrip()) + # only change the first matching occurrence # + if var_found == False and _infile_var.rstrip(' ') == V: + var_found = True + # don't change it if it is already set # + if _infile_set.lstrip(' ') == S: + already_set = True + else: + line = "%s=%s\n" % (V, S) + + sys.stdout.write(line) + + # Append the variable if it wasn't found # + if not var_found: + with open(filepath, "a") as f: + f.write("%s=%s\n" % (V, S)) + elif already_set == True: + pass + else: + pass + + return + +def ranger_storm_properties(params): + ranger_storm_properties = dict() + + ranger_storm_properties['POLICY_MGR_URL'] = params.config['configurations']['admin-properties']['policymgr_external_url'] + ranger_storm_properties['SQL_CONNECTOR_JAR'] = params.config['configurations']['admin-properties']['SQL_CONNECTOR_JAR'] + ranger_storm_properties['XAAUDIT.DB.FLAVOUR'] = params.config['configurations']['admin-properties']['DB_FLAVOR'] + ranger_storm_properties['XAAUDIT.DB.DATABASE_NAME'] = params.config['configurations']['admin-properties']['audit_db_name'] + ranger_storm_properties['XAAUDIT.DB.USER_NAME'] = params.config['configurations']['admin-properties']['audit_db_user'] + ranger_storm_properties['XAAUDIT.DB.PASSWORD'] = params.config['configurations']['admin-properties']['audit_db_password'] + ranger_storm_properties['XAAUDIT.DB.HOSTNAME'] = params.config['configurations']['admin-properties']['db_host'] + ranger_storm_properties['REPOSITORY_NAME'] = str(params.config['clusterName']) + '_storm' + + ranger_storm_properties['XAAUDIT.DB.IS_ENABLED'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.DB.IS_ENABLED'] + + ranger_storm_properties['XAAUDIT.HDFS.IS_ENABLED'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.IS_ENABLED'] + ranger_storm_properties['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINATION_DIRECTORY'] + ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY'] + ranger_storm_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY'] + ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_FILE'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FILE'] + ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS'] + ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS'] + ranger_storm_properties['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS'] + ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FILE'] + ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS'] + ranger_storm_properties['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS'] + ranger_storm_properties['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] = params.config['configurations']['ranger-storm-plugin-properties']['XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT'] + + + ranger_storm_properties['SSL_KEYSTORE_FILE_PATH'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_KEYSTORE_FILE_PATH'] + ranger_storm_properties['SSL_KEYSTORE_PASSWORD'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_KEYSTORE_PASSWORD'] + ranger_storm_properties['SSL_TRUSTSTORE_FILE_PATH'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_TRUSTSTORE_FILE_PATH'] + ranger_storm_properties['SSL_TRUSTSTORE_PASSWORD'] = params.config['configurations']['ranger-storm-plugin-properties']['SSL_TRUSTSTORE_PASSWORD'] + + return ranger_storm_properties + + +def storm_repo_properties(params): + + storm_ui_server_host = params.config['clusterHostInfo']['storm_ui_server_hosts'][0] + + config_dict = dict() + config_dict['username'] = params.config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_USERNAME'] + config_dict['password'] = params.config['configurations']['ranger-storm-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'] + config_dict['nimbus.url'] = 'http://' + storm_ui_server_host + ':' + str(params.config['configurations']['storm-site']['ui.port']) + config_dict['commonNameForCertificate'] = params.config['configurations']['ranger-storm-plugin-properties']['common.name.for.certificate'] + + + repo = dict() + repo['isActive'] = "true" + repo['config'] = json.dumps(config_dict) + repo['description'] = "storm repo" + repo['name'] = str(params.config['clusterName']) + "_storm" + repo['repositoryType'] = "Storm" + repo['assetType'] = '6' + + data = json.dumps(repo) + + return data http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py index 1e317d5..884ee48 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py @@ -30,7 +30,7 @@ from resource_management.libraries.functions.version import compare_versions, fo from resource_management.libraries.functions.security_commons import build_expectations, \ cached_kinit_executor, get_params_from_filesystem, validate_security_config_properties, \ FILE_TYPE_JAAS_CONF - +from setup_ranger_storm import setup_ranger_storm class UiServer(Script): @@ -58,7 +58,7 @@ class UiServer(Script): import params env.set_params(params) self.configure(env) - + setup_ranger_storm(env) service("ui", action="start") def stop(self, env, rolling_restart=False): http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml new file mode 100644 index 0000000..1c28f03 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml @@ -0,0 +1,150 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="true"> + + <property> + <name>common.name.for.certificate</name> + <value>-</value> + <description>Used for repository creation on ranger admin</description> + </property> + + <property> + <name>ranger-storm-plugin-enabled</name> + <value>No</value> + <description>Enable ranger storm plugin ?</description> + </property> + + <property> + <name>REPOSITORY_CONFIG_USERNAME</name> + <value>stormcli...@example.com</value> + <description>Used for repository creation on ranger admin</description> + </property> + + <property> + <name>REPOSITORY_CONFIG_PASSWORD</name> + <value>stormclient</value> + <property-type>PASSWORD</property-type> + <description>Used for repository creation on ranger admin</description> + </property> + + <property> + <name>XAAUDIT.DB.IS_ENABLED</name> + <value>true</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.IS_ENABLED</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name> + <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name> + <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name> + <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FILE</name> + <value>%hostname%-audit.log</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name> + <value>900</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name> + <value>86400</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name> + <value>60</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name> + <value>%time:yyyyMMdd-HHmm.ss%.log</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name> + <value>60</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name> + <value>600</value> + <description></description> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name> + <value>10</value> + <description></description> + </property> + + <property> + <name>SSL_KEYSTORE_FILE_PATH</name> + <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value> + <description></description> + </property> + + <property> + <name>SSL_KEYSTORE_PASSWORD</name> + <value>myKeyFilePassword</value> + <description></description> + </property> + + <property> + <name>SSL_TRUSTSTORE_FILE_PATH</name> + <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value> + <description></description> + </property> + + <property> + <name>SSL_TRUSTSTORE_PASSWORD</name> + <value>changeit</value> + <description></description> + </property> + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py index d0c002e..7c7adac 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/stack_advisor.py @@ -48,14 +48,15 @@ class HDP22StackAdvisor(HDP21StackAdvisor): putHDFSProperty = self.putProperty(configurations, "hadoop-env") putHDFSProperty('namenode_opt_maxnewsize', max(int(clusterData['totalAvailableRam'] / 8), 256)) servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - if 'ranger-hdfs-plugin-properties' in services['configurations']: + if ('ranger-hdfs-plugin-properties' in services['configurations']) and ('ranger-hdfs-plugin-enabled' in services['configurations']['ranger-hdfs-plugin-properties']['properties']): rangerPluginEnabled = services['configurations']['ranger-hdfs-plugin-properties']['properties']['ranger-hdfs-plugin-enabled'] if ("RANGER" in servicesList) and (rangerPluginEnabled.lower() == 'Yes'.lower()): putHDFSProperty("dfs.permissions.enabled",'true') def recommendHIVEConfigurations(self, configurations, clusterData, services, hosts): + super(HDP22StackAdvisor, self).recommendHiveConfigurations(configurations, clusterData, services, hosts) servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - if 'ranger-hive-plugin-properties' in services['configurations']: + if 'ranger-hive-plugin-properties' in services['configurations'] and ('ranger-hive-plugin-enabled' in services['configurations']['ranger-hive-plugin-properties']['properties']): rangerPluginEnabled = services['configurations']['ranger-hive-plugin-properties']['properties']['ranger-hive-plugin-enabled'] if ("RANGER" in servicesList) : if (rangerPluginEnabled.lower() == "Yes".lower()): @@ -68,16 +69,17 @@ class HDP22StackAdvisor(HDP21StackAdvisor): putHiveProperty("hive.security.authenticator.manager", 'org.apache.hadoop.hive.ql.security.HadoopDefaultAuthenticator') def recommendHBASEConfigurations(self, configurations, clusterData, services, hosts): + super(HDP22StackAdvisor, self).recommendHbaseEnvConfigurations(configurations, clusterData, services, hosts) putHbaseSiteProperty = self.putProperty(configurations, "hbase-site") putHbaseSiteProperty("hbase.regionserver.global.memstore.upperLimit", '0.4') servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - if 'ranger-hbase-plugin-properties' in services['configurations']: + if 'ranger-hbase-plugin-properties' in services['configurations'] and ('ranger-hbase-plugin-enabled' in services['configurations']['ranger-hbase-plugin-properties']['properties']): rangerPluginEnabled = services['configurations']['ranger-hbase-plugin-properties']['properties']['ranger-hbase-plugin-enabled'] if ("RANGER" in servicesList) and (rangerPluginEnabled.lower() == "Yes".lower()): - putHbaseSiteProperty("hbase.security.authorization", 'true') - putHbaseSiteProperty("hbase.coprocessor.master.classes", 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor') - putHbaseSiteProperty("hbase.coprocessor.region.classes", 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor') + putHbaseSiteProperty("hbase.security.authorization", 'true') + putHbaseSiteProperty("hbase.coprocessor.master.classes", 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor') + putHbaseSiteProperty("hbase.coprocessor.region.classes", 'com.xasecure.authorization.hbase.XaSecureAuthorizationCoprocessor') def recommendTezConfigurations(self, configurations, clusterData, services, hosts): putTezProperty = self.putProperty(configurations, "tez-site") @@ -368,6 +370,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor): return self.toConfigurationValidationProblems(validationItems, "hdfs-site") def validateHIVEConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): + super(HDP22StackAdvisor, self).validateHiveConfigurations(properties, recommendedDefaults, configurations, services, hosts) hive_server2 = properties validationItems = [] #Adding Ranger Plugin logic here @@ -411,6 +414,7 @@ class HDP22StackAdvisor(HDP21StackAdvisor): return self.toConfigurationValidationProblems(validationItems, "hiveserver2-site") def validateHBASEConfigurations(self, properties, recommendedDefaults, configurations, services, hosts): + super(HDP22StackAdvisor, self).validateHbaseEnvConfigurations(properties, recommendedDefaults, configurations, services, hosts) hbase_site = properties validationItems = [] http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json b/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json index 48219bc..900eba4 100644 --- a/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json +++ b/ambari-server/src/test/python/stacks/2.1/configs/default-storm-start.json @@ -213,6 +213,9 @@ "storm_pid_dir": "/var/run/storm", "storm_user": "storm" }, + "ranger-storm-plugin-properties" : { + "ranger-storm-plugin-enabled":"no" + }, "core-site": { "io.serializations": "org.apache.hadoop.io.serializer.WritableSerialization", "fs.trash.interval": "360", http://git-wip-us.apache.org/repos/asf/ambari/blob/4cbf3a87/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json b/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json index 29b9c83..6b8f69a 100644 --- a/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json +++ b/ambari-server/src/test/python/stacks/2.1/configs/secured-storm-start.json @@ -223,6 +223,9 @@ "nimbus_keytab": "/etc/security/keytabs/nimbus.service.keytab", "storm_keytab": "/etc/security/keytabs/storm.service.keytab", "storm_ui_principal_name": "HTTP/_HOST" + }, + "ranger-storm-plugin-properties" : { + "ranger-storm-plugin-enabled":"yes" }, "core-site": { "io.serializations": "org.apache.hadoop.io.serializer.WritableSerialization",