Repository: ambari Updated Branches: refs/heads/trunk 7d62dbb7b -> d445eed53
AMBARI-10522. Cannot install Ranger Admin on non-root + umask 027 (aonishuk) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d445eed5 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d445eed5 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d445eed5 Branch: refs/heads/trunk Commit: d445eed53ba2bc3981a62669320ee94a490f10b9 Parents: 7d62dbb Author: Andrew Onishuk <aonis...@hortonworks.com> Authored: Thu Apr 16 16:10:02 2015 +0300 Committer: Andrew Onishuk <aonis...@hortonworks.com> Committed: Thu Apr 16 16:10:02 2015 +0300 ---------------------------------------------------------------------- .../resource_management/TestFileResource.py | 12 +- .../TestPropertiesFileResource.py | 10 +- .../TestXmlConfigResource.py | 8 +- .../core/providers/system.py | 9 +- .../python/resource_management/core/sudo.py | 14 +- .../libraries/providers/__init__.py | 3 +- .../providers/modify_properties_file.py | 70 +++++ .../libraries/resources/__init__.py | 3 +- .../resources/modify_properties_file.py | 40 +++ .../RANGER/0.4.0/configuration/ranger-site.xml | 14 +- .../RANGER/0.4.0/package/scripts/params.py | 63 +---- .../0.4.0/package/scripts/ranger_admin.py | 4 +- .../0.4.0/package/scripts/ranger_service.py | 4 +- .../0.4.0/package/scripts/ranger_usersync.py | 39 +-- .../0.4.0/package/scripts/setup_ranger.py | 256 ++++--------------- .../stacks/2.2/RANGER/test_ranger_admin.py | 152 +++++++++-- .../stacks/2.2/RANGER/test_ranger_usersync.py | 131 +++++++++- .../test/python/stacks/2.2/configs/default.json | 83 ++++++ .../test/python/stacks/2.2/configs/secured.json | 94 +++++++ 19 files changed, 656 insertions(+), 353 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-agent/src/test/python/resource_management/TestFileResource.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/test/python/resource_management/TestFileResource.py b/ambari-agent/src/test/python/resource_management/TestFileResource.py index 703651c..4caa69c 100644 --- a/ambari-agent/src/test/python/resource_management/TestFileResource.py +++ b/ambari-agent/src/test/python/resource_management/TestFileResource.py @@ -95,7 +95,7 @@ class TestFileResource(TestCase): ) - create_file_mock.assert_called_with('/directory/file', 'file-content') + create_file_mock.assert_called_with('/directory/file', 'file-content', encoding=None) self.assertEqual(create_file_mock.call_count, 1) ensure_mock.assert_called() @@ -120,8 +120,8 @@ class TestFileResource(TestCase): content='new-content' ) - read_file_mock.assert_called_with('/directory/file') - create_file_mock.assert_called_with('/directory/file', 'new-content') + read_file_mock.assert_called_with('/directory/file', encoding=None) + create_file_mock.assert_called_with('/directory/file', 'new-content', encoding=None) @patch.object(sudo, "unlink") @@ -297,7 +297,7 @@ class TestFileResource(TestCase): ) - create_file_mock.assert_called_with('/directory/file', 'file-content') + create_file_mock.assert_called_with('/directory/file', 'file-content', encoding=None) self.assertEqual(create_file_mock.call_count, 1) stat_mock.assert_called_with('/directory/file') self.assertEqual(chmod_mock.call_count, 1) @@ -346,7 +346,5 @@ class TestFileResource(TestCase): ) - read_file_mock.assert_called_with('/directory/file') - content_mock.encode.assert_called_with('UTF-8') - old_content_mock.decode.assert_called_with('UTF-8') + read_file_mock.assert_called_with('/directory/file', encoding='UTF-8') http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py b/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py index 1147928..bb91159 100644 --- a/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py +++ b/ambari-agent/src/test/python/resource_management/TestPropertiesFileResource.py @@ -65,7 +65,7 @@ class TestPropertiesFIleResource(TestCase): properties={} ) - create_file_mock.assert_called_with('/somewhere_in_system/one_file.properties', u'# Generated by Apache Ambari. Today is Wednesday\n \n \n') + create_file_mock.assert_called_with('/somewhere_in_system/one_file.properties', u'# Generated by Apache Ambari. Today is Wednesday\n \n \n', encoding=None) ensure_mock.assert_called() @@ -98,7 +98,7 @@ class TestPropertiesFIleResource(TestCase): properties={}, ) - create_file_mock.assert_called_with('/dir/and/dir/file.txt', u'# Generated by Apache Ambari. Some other day\n \n \n') + create_file_mock.assert_called_with('/dir/and/dir/file.txt', u'# Generated by Apache Ambari. Some other day\n \n \n', encoding=None) ensure_mock.assert_called() @@ -131,7 +131,7 @@ class TestPropertiesFIleResource(TestCase): properties={'property1': 'value1'}, ) - create_file_mock.assert_called_with('/dir/new_file', u'# Generated by Apache Ambari. 777\n \nproperty1=value1\n \n') + create_file_mock.assert_called_with('/dir/new_file', u'# Generated by Apache Ambari. 777\n \nproperty1=value1\n \n', encoding=None) ensure_mock.assert_called() @@ -169,7 +169,7 @@ class TestPropertiesFIleResource(TestCase): }, ) - create_file_mock.assert_called_with('/dir/new_file', u"# Generated by Apache Ambari. 777\n \n=\nprop.1='.'yyyy-MM-dd-HH\nprop.2=INFO, openjpa\nprop.3=%d{ISO8601} %5p %c{1}:%L - %m%n\nprop.4=${oozie.log.dir}/oozie.log\nprop.empty=\n \n") + create_file_mock.assert_called_with('/dir/new_file', u"# Generated by Apache Ambari. 777\n \n=\nprop.1='.'yyyy-MM-dd-HH\nprop.2=INFO, openjpa\nprop.3=%d{ISO8601} %5p %c{1}:%L - %m%n\nprop.4=${oozie.log.dir}/oozie.log\nprop.empty=\n \n", encoding=None) ensure_mock.assert_called() @@ -206,5 +206,5 @@ class TestPropertiesFIleResource(TestCase): ) read_file_mock.assert_called() - create_file_mock.assert_called_with('/dir1/new_file', u'# Generated by Apache Ambari. 777\n \nproperty_1=value1\n \n') + create_file_mock.assert_called_with('/dir1/new_file', u'# Generated by Apache Ambari. 777\n \nproperty_1=value1\n \n', encoding=None) ensure_mock.assert_called() http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py b/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py index 041fc9a..a7eaae9 100644 --- a/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py +++ b/ambari-agent/src/test/python/resource_management/TestXmlConfigResource.py @@ -62,7 +62,7 @@ class TestXmlConfigResource(TestCase): configuration_attributes={} ) - create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n </configuration>\n') + create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n </configuration>\n', encoding='UTF-8') @patch("resource_management.core.providers.system._ensure_metadata") @@ -91,7 +91,7 @@ class TestXmlConfigResource(TestCase): configuration_attributes={'attr': {'property1': 'attr_value'}} ) - create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name>property1</name>\n <value>value1</value>\n <attr>attr_value</attr>\n </property>\n \n </configuration>\n') + create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name>property1</name>\n <value>value1</value>\n <attr>attr_value</attr>\n </property>\n \n </configuration>\n', encoding='UTF-8') @patch("resource_management.core.providers.system._ensure_metadata") @@ -144,7 +144,7 @@ class TestXmlConfigResource(TestCase): } }) - create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name></name>\n <value></value>\n </property>\n \n <property>\n <name>prop.1</name>\n <value>'.'yyyy-MM-dd-HH</value>\n <attr1>x</attr1>\n </property>\n \n <property>\n <name>prop.2</name>\n <value>INFO, openjpa</value>\n </property>\n \n <property>\n <name>prop.3</name>\n <value>%d{ISO8601} %5p %c{1}:%L - %m%n</value>\n <attr2>value3</attr2>\n </property>\n \n <property>\n <name>prop.4</name>\n <value>${oozie.log.dir}/oozie.log</value>\n <attr_value_empty></attr_value_empty>\n <attr2>value4</attr2>\n </property>\n \n <property>\n <name>prop.empty</name>\n <value></value>\n <attr_value_empty></attr_value_empty>\n </property>\n \n </configuration>\n') + create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name></name>\n <value></value>\n </property>\n \n <property>\n <name>prop.1</name>\n <value>'.'yyyy-MM-dd-HH</value>\n <attr1>x</attr1>\n </property>\n \n <property>\n <name>prop.2</name>\n <value>INFO, openjpa</value>\n </property>\n \n <property>\n <name>prop.3</name>\n <value>%d{ISO8601} %5p %c{1}:%L - %m%n</value>\n <attr2>value3</attr2>\n </property>\n \n <property>\n <name>prop.4</name>\n <value>${oozie.log.dir}/oozie.log</value>\n <attr_value_empty></attr_value_empty>\n <attr2>value4</attr2>\n </property>\n \n <property>\n <name>prop.empty</name>\n <value></value>\n <attr_value_empty></attr_value_empty>\n </property>\n \n </configuration>\n', encoding='UTF-8') @patch("resource_management.core.providers.system._ensure_metadata") @patch.object(sudo, "create_file") @@ -177,7 +177,7 @@ class TestXmlConfigResource(TestCase): configuration_attributes={} ) - create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name></name>\n <value></value>\n </property>\n \n <property>\n <name>first</name>\n <value>should be first</value>\n </property>\n \n <property>\n <name>second</name>\n <value>should be second</value>\n </property>\n \n <property>\n <name>third</name>\n <value>should be third</value>\n </property>\n \n <property>\n <name>z_last</name>\n <value>should be last</value>\n </property>\n \n </configuration>\n') + create_file_mock.assert_called_with('/dir/conf/file.xml', u'<!--Wed 2014-02-->\n <configuration>\n \n <property>\n <name></name>\n <value></value>\n </property>\n \n <property>\n <name>first</name>\n <value>should be first</value>\n </property>\n \n <property>\n <name>second</name>\n <value>should be second</value>\n </property>\n \n <property>\n <name>third</name>\n <value>should be third</value>\n </property>\n \n <property>\n <name>z_last</name>\n <value>should be last</value>\n </property>\n \n </configuration>\n', encoding='UTF-8') @patch("resource_management.libraries.providers.xml_config.File") @patch.object(sudo, "path_exists") http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/core/providers/system.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/core/providers/system.py b/ambari-common/src/main/python/resource_management/core/providers/system.py index 95ba80d..1e4ce90 100644 --- a/ambari-common/src/main/python/resource_management/core/providers/system.py +++ b/ambari-common/src/main/python/resource_management/core/providers/system.py @@ -111,8 +111,7 @@ class FileProvider(Provider): reason = "it doesn't exist" elif self.resource.replace: if content is not None: - old_content = sudo.read_file(path) - old_content = old_content.decode(self.resource.encoding) if self.resource.encoding else old_content + old_content = sudo.read_file(path, encoding=self.resource.encoding) if content != old_content: write = True reason = "contents don't match" @@ -121,11 +120,7 @@ class FileProvider(Provider): if write: Logger.info("Writing %s because %s" % (self.resource, reason)) - - if content: - content = content.encode(self.resource.encoding) if self.resource.encoding else content - - sudo.create_file(path, content) + sudo.create_file(path, content, encoding=self.resource.encoding) _ensure_metadata(self.resource.path, self.resource.owner, self.resource.group, mode=self.resource.mode, cd_access=self.resource.cd_access) http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/core/sudo.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/core/sudo.py b/ambari-common/src/main/python/resource_management/core/sudo.py index 13c32a1..d481ecc 100644 --- a/ambari-common/src/main/python/resource_management/core/sudo.py +++ b/ambari-common/src/main/python/resource_management/core/sudo.py @@ -65,13 +65,14 @@ def rmtree(path): shell.checked_call(["rm","-rf", path], sudo=True) # fp.write replacement -def create_file(filename, content): +def create_file(filename, content, encoding='utf-8'): """ if content is None, create empty file """ tmpf = tempfile.NamedTemporaryFile() if content: + content = content.encode(encoding) if encoding else content with open(tmpf.name, "wb") as fp: fp.write(content) @@ -82,13 +83,16 @@ def create_file(filename, content): chmod(filename, 0644) # fp.read replacement -def read_file(filename): +def read_file(filename, encoding='utf-8'): tmpf = tempfile.NamedTemporaryFile() shell.checked_call(["cp", "-f", filename, tmpf.name], sudo=True) with tmpf: with open(tmpf.name, "rb") as fp: - return fp.read() + content = fp.read() + + content = content.decode(encoding) if encoding else content + return content # os.path.exists def path_exists(path): @@ -102,6 +106,10 @@ def path_isdir(path): def path_lexists(path): return (shell.call(["test", "-L", path], sudo=True)[0] == 0) +# os.path.isfile +def path_isfile(path): + return (shell.call(["test", "-f", path], sudo=True)[0] == 0) + # os.stat def stat(path): class Stat: http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py b/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py index 0038800..34b10a9 100644 --- a/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py +++ b/ambari-common/src/main/python/resource_management/libraries/providers/__init__.py @@ -43,6 +43,7 @@ PROVIDERS = dict( PropertiesFile="resource_management.libraries.providers.properties_file.PropertiesFileProvider", MonitorWebserver="resource_management.libraries.providers.monitor_webserver.MonitorWebserverProvider", HdfsDirectory="resource_management.libraries.providers.hdfs_directory.HdfsDirectoryProvider", - CopyFromLocal="resource_management.libraries.providers.copy_from_local.CopyFromLocalProvider" + CopyFromLocal="resource_management.libraries.providers.copy_from_local.CopyFromLocalProvider", + ModifyPropertiesFile="resource_management.libraries.providers.modify_properties_file.ModifyPropertiesFileProvider" ), ) http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/libraries/providers/modify_properties_file.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/providers/modify_properties_file.py b/ambari-common/src/main/python/resource_management/libraries/providers/modify_properties_file.py new file mode 100644 index 0000000..03d9028 --- /dev/null +++ b/ambari-common/src/main/python/resource_management/libraries/providers/modify_properties_file.py @@ -0,0 +1,70 @@ +#!/usr/bin/env python +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Ambari Agent + +""" + +from resource_management.core.resources import File +from resource_management.core.providers import Provider +from resource_management.libraries.functions.format import format +from resource_management.core.environment import Environment +from resource_management.core.logger import Logger +from resource_management import sudo + + +class ModifyPropertiesFileProvider(Provider): + def action_create(self): + filename = self.resource.filename + comment_symbols = self.resource.comment_symbols + delimiter = self.resource.key_value_delimiter + properties = self.resource.properties + unsaved_values = properties.keys() + new_content_lines = [] + + if sudo.path_isfile(filename): + file_content = sudo.read_file(filename) + new_content_lines += file_content.split('\n') + + Logger.info(format("Modifying existing properties file: {filename}")) + + for line_num in range(len(new_content_lines)): + line = new_content_lines[line_num] + + if line.lstrip() and not line.lstrip()[0] in comment_symbols and delimiter in line: + in_var_name = line.split(delimiter)[0].strip() + in_var_value = line.split(delimiter)[1].strip() + + if in_var_name in properties: + new_content_lines[line_num] = u"{0}{1}{2}".format(unicode(in_var_name), delimiter, unicode(properties[in_var_name])) + unsaved_values.remove(in_var_name) + else: + Logger.info(format("Creating new properties file as {filename} doesn't exist")) + + for property_name in unsaved_values: + line = u"{0}{1}{2}".format(unicode(property_name), delimiter, unicode(properties[property_name])) + new_content_lines.append(line) + + with Environment.get_instance_copy() as env: + File (filename, + content = u"\n".join(new_content_lines) + "\n", + owner = self.resource.owner, + group = self.resource.group, + mode = self.resource.mode, + encoding = self.resource.encoding, + ) http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py b/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py index a0b533c..596c2e2 100644 --- a/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py +++ b/ambari-common/src/main/python/resource_management/libraries/resources/__init__.py @@ -28,4 +28,5 @@ from resource_management.libraries.resources.repository import * from resource_management.libraries.resources.monitor_webserver import * from resource_management.libraries.resources.hdfs_directory import * from resource_management.libraries.resources.copy_from_local import * -from resource_management.libraries.resources.msi import * \ No newline at end of file +from resource_management.libraries.resources.msi import * +from resource_management.libraries.resources.modify_properties_file import * \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-common/src/main/python/resource_management/libraries/resources/modify_properties_file.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/resources/modify_properties_file.py b/ambari-common/src/main/python/resource_management/libraries/resources/modify_properties_file.py new file mode 100644 index 0000000..d80d596 --- /dev/null +++ b/ambari-common/src/main/python/resource_management/libraries/resources/modify_properties_file.py @@ -0,0 +1,40 @@ +#!/usr/bin/env python +""" +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +Ambari Agent + +""" + +_all__ = ["ModifyPropertiesFile"] +from resource_management.core.base import Resource, ForcedListArgument, ResourceArgument, BooleanArgument + +class ModifyPropertiesFile(Resource): + action = ForcedListArgument(default="create") + filename = ResourceArgument(default=lambda obj: obj.name) + + properties = ResourceArgument() + + mode = ResourceArgument() + owner = ResourceArgument() + group = ResourceArgument() + + key_value_delimiter = ResourceArgument(default='=') + comment_symbols = ForcedListArgument(default=['#']) + encoding = ResourceArgument(default='utf-8') + + actions = Resource.actions + ["create"] http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml index 648a1d5..293c925 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/configuration/ranger-site.xml @@ -22,43 +22,43 @@ <configuration supports_final="false"> <property> - <name>HTTP_SERVICE_PORT</name> + <name>http.service.port</name> <value>6080</value> <description>The http port to be used</description> </property> <property> - <name>HTTPS_SERVICE_PORT</name> + <name>https.service.port</name> <value>6182</value> <description>The secured https port to be used</description> </property> <property> - <name>HTTPS_KEYSTORE_FILE</name> + <name>https.attrib.keystoreFile</name> <value>/etc/ranger/admin/keys/server.jks</value> <description>The keystore file location</description> </property> <property> - <name>HTTPS_KEYSTORE_PASS</name> + <name>https.attrib.keystorePass</name> <value>ranger</value> <description>The keystore pass to be used </description> </property> <property> - <name>HTTPS_KEY_ALIAS</name> + <name>https.attrib.keyAlias</name> <value>myKey</value> <description>The key alias to be used </description> </property> <property> - <name>HTTPS_CLIENT_AUTH</name> + <name>https.attrib.clientAuth</name> <value>want</value> <description>The client auth to be used </description> </property> <property> - <name>HTTP_ENABLED</name> + <name>http.enabled</name> <value>true</value> <description>http enabled or https enabled </description> </property> http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py index ac2bc0a..718c3c1 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py @@ -46,64 +46,17 @@ if stack_is_hdp22_or_further: usersync_services_file = "/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh" java_home = config['hostLevelParams']['java_home'] -unix_user = default("/configurations/ranger-env/ranger_user", "ranger") -unix_group = default("/configurations/ranger-env/ranger_group", "ranger") +unix_user = config['configurations']['ranger-env']['ranger_user'] +unix_group = config['configurations']['ranger-env']['ranger_group'] ambari_server_hostname = config['clusterHostInfo']['ambari_server_host'][0] -# admin-properties -db_flavor = default("/configurations/admin-properties/DB_FLAVOR", "MYSQL") -sql_command_invoker = default("/configurations/admin-properties/SQL_COMMAND_INVOKER", "mysql") -sql_connector_jar = default("/configurations/admin-properties/SQL_CONNECTOR_JAR", "/usr/share/java/mysql-connector-java.jar") -db_root_user = default("/configurations/admin-properties/db_root_user", "root") -db_root_password = unicode(default("/configurations/admin-properties/db_root_password", " ")) -db_host = default("/configurations/admin-properties/db_host", "localhost") -db_name = default("/configurations/admin-properties/db_name", "ranger") -db_user = default("/configurations/admin-properties/db_user", "rangeradmin") -db_password = unicode(default("/configurations/admin-properties/db_password", "rangeradmin")) -audit_db_name = default("/configurations/admin-properties/audit_db_name", "ranger_audit") -audit_db_user = default("/configurations/admin-properties/audit_db_user", "rangerlogger") -audit_db_password = default("/configurations/admin-properties/audit_db_password", "rangerlogger") -policymgr_external_url = default("/configurations/admin-properties/policymgr_external_url", "http://localhost:6080") -policymgr_http_enabled = default("/configurations/admin-properties/policymgr_http_enabled", "true") -authentication_method = default("/configurations/admin-properties/authentication_method", "UNIX") -remoteLoginEnabled = default("/configurations/admin-properties/remoteLoginEnabled", "true") -authServiceHostName = default("/configurations/admin-properties/authServiceHostName", "localhost") -authServicePort = default("/configurations/admin-properties/authServicePort", "5151") -xa_ldap_url = default("/configurations/admin-properties/xa_ldap_url", "ldap://71.127.43.33:389") -xa_ldap_userDNpattern = default("/configurations/admin-properties/xa_ldap_userDNpattern", "uid={0},ou=users,dc=xasecure,dc=net") -xa_ldap_groupSearchBase = default("/configurations/admin-properties/xa_ldap_groupSearchBase", "ou=groups,dc=xasecure,dc=net") -xa_ldap_groupSearchFilter = default("/configurations/admin-properties/xa_ldap_groupSearchFilter", "(member=uid={0},ou=users,dc=xasecure,dc=net)") -xa_ldap_groupRoleAttribute = default("/configurations/admin-properties/xa_ldap_groupRoleAttribute", "cn") -xa_ldap_ad_domain = default("/configurations/admin-properties/xa_ldap_ad_domain", "xasecure.net") -xa_ldap_ad_url = default("/configurations/admin-properties/xa_ldap_ad_url", "ldap://ad.xasecure.net:389") - -# usersync-properties -sync_source = default("/configurations/usersync-properties/SYNC_SOURCE", "unix") -min_unix_user_id_to_sync = default("/configurations/usersync-properties/MIN_UNIX_USER_ID_TO_SYNC", "1000") -sync_interval = default("/configurations/usersync-properties/SYNC_INTERVAL", "1") -sync_ldap_url = default("/configurations/usersync-properties/SYNC_LDAP_URL", "ldap://localhost:389") -sync_ldap_bind_dn = default("/configurations/usersync-properties/SYNC_LDAP_BIND_DN", "cn=admin,dc=xasecure,dc=net") -sync_ldap_bind_password = default("/configurations/usersync-properties/SYNC_LDAP_BIND_PASSWORD", "admin321") -cred_keystore_filename = default("/configurations/usersync-properties/CRED_KEYSTORE_FILENAME", "/usr/lib/xausersync/.jceks/xausersync.jceks") -sync_ldap_user_search_base = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_BASE", "ou=users,dc=xasecure,dc=net") -sync_ldap_user_search_scope = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE", "sub") -sync_ldap_user_object_class = default("/configurations/usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS", "person") -sync_ldap_user_search_filter = default("/configurations/usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER", "-") -sync_ldap_user_name_attribute = default("/configurations/usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE", "cn") -sync_ldap_user_group_name_attribute = default("/configurations/usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE", "memberof,ismemberof") -sync_ldap_username_case_conversion = default("/configurations/usersync-properties/SYNC_LDAP_USERNAME_CASE_CONVERSION", "lower") -sync_ldap_groupname_case_conversion = default("/configurations/usersync-properties/SYNC_LDAP_GROUPNAME_CASE_CONVERSION", "lower") -logdir = default("/configurations/usersync-properties/logdir", "logs") - -# ranger-site -http_enabled = default("/configurations/ranger-site/HTTP_ENABLED", "true") -http_service_port = default("/configurations/ranger-site/HTTP_SERVICE_PORT", "6080") -https_service_port = default("/configurations/ranger-site/HTTPS_SERVICE_PORT", "6182") -https_attrib_keystoreFile = default("/configurations/ranger-site/HTTPS_KEYSTORE_FILE", "/etc/ranger/admin/keys/server.jks") -https_attrib_keystorePass = default("/configurations/ranger-site/HTTPS_KEYSTORE_PASS", "ranger") -https_attrib_keyAlias = default("/configurations/ranger-site/HTTPS_KEY_ALIAS", "mykey") -https_attrib_clientAuth = default("/configurations/ranger-site/HTTPS_CLIENT_AUTH", "want") +db_flavor = config['configurations']['admin-properties']['DB_FLAVOR'] + +sql_command_invoker = config['configurations']['admin-properties']['SQL_COMMAND_INVOKER'] +db_root_user = config['configurations']['admin-properties']['db_root_user'] +db_root_password = unicode(config['configurations']['admin-properties']['db_root_password']) +db_host = config['configurations']['admin-properties']['db_host'] #ranger-env properties oracle_home = default("/configurations/ranger-env/oracle_home", "-") http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py index 7314a83..f88625e 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_admin.py @@ -23,7 +23,7 @@ from resource_management.core.exceptions import ComponentIsNotRunning from resource_management.libraries.functions.format import format from resource_management.core.logger import Logger from resource_management.core import shell -from setup_ranger import setup_ranger +from setup_ranger import setup_ranger_admin from ranger_service import ranger_service import upgrade @@ -67,7 +67,7 @@ class RangerAdmin(Script): import params env.set_params(params) - setup_ranger() + setup_ranger_admin() if __name__ == "__main__": http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py index f3b9603..8fda5f4 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_service.py @@ -19,12 +19,12 @@ limitations under the License. """ from resource_management import * -def ranger_service(name): +def ranger_service(name, action=None): import params if name == 'ranger_admin': no_op_test = format('ps -ef | grep proc_rangeradmin | grep -v grep') - Execute(format('{params.ranger_start}'), user=params.unix_user, not_if=no_op_test) + Execute(params.ranger_start, user=params.unix_user, not_if=no_op_test) elif name == 'ranger_usersync': no_op_test = format('ps -ef | grep proc_rangerusersync | grep -v grep') http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py index afb86c1..a31a369 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/ranger_usersync.py @@ -23,37 +23,35 @@ from resource_management.core.exceptions import ComponentIsNotRunning from resource_management.libraries.functions.format import format from resource_management.core.logger import Logger from resource_management.core import shell -from setup_ranger import setup_usersync from ranger_service import ranger_service +from setup_ranger import setup_usersync import upgrade class RangerUsersync(Script): - - def get_stack_to_component(self): - return {"HDP": "ranger-usersync"} - + def install(self, env): self.install_packages(env) self.configure(env) - - def stop(self, env, rolling_restart=False): - import params - - env.set_params(params) - Execute((params.usersync_stop,), sudo=True) - - def pre_rolling_restart(self, env): + + def configure(self, env): import params env.set_params(params) - upgrade.prestart(env, "ranger-usersync") - + + setup_usersync() + def start(self, env, rolling_restart=False): import params env.set_params(params) + self.configure(env) ranger_service('ranger_usersync') - - + + def stop(self, env, rolling_restart=False): + import params + env.set_params(params) + + Execute((params.usersync_stop,), sudo=True) + def status(self, env): cmd = 'ps -ef | grep proc_rangerusersync | grep -v grep' code, output = shell.call(cmd, timeout=20) @@ -63,10 +61,13 @@ class RangerUsersync(Script): raise ComponentIsNotRunning() pass - def configure(self, env): + def pre_rolling_restart(self, env): import params env.set_params(params) - setup_usersync() + upgrade.prestart(env, "ranger-usersync") + + def get_stack_to_component(self): + return {"HDP": "ranger-usersync"} if __name__ == "__main__": http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py index c1f365c..f54ba01 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py @@ -23,234 +23,74 @@ import os from resource_management import * from resource_management.core.logger import Logger -def setup_ranger(): +def setup_ranger_admin(): import params - if check_db_connnection(): - File(params.downloaded_custom_connector, - content = DownloadSource(params.driver_curl_source) - ) - - if not os.path.isfile(params.driver_curl_target): - Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target), - path=["/bin", "/usr/bin/"], - sudo=True) - - file_path = format("{ranger_home}/install.properties") - bk_file_path = format("{ranger_home}/install-bk.properties") - - File(bk_file_path, - content = StaticFile(file_path), - ) - - write_properties_to_file(file_path, admin_properties()) - ##if db flavor == oracle - set oracle home env variable - if params.db_flavor.lower() == 'oracle' and params.oracle_home: - env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home} - else: - env_dict = {'JAVA_HOME': params.java_home} - setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')]) - - try: - Execute(setup_sh, - environment=env_dict, - logoutput=True, - ) - except Fail, e: - if os.path.isfile(bk_file_path): - File(file_path, - action = "delete", - ) - Execute(('mv', bk_file_path, file_path), - sudo = True, - ) - raise Fail('Ranger installation Failed, {0}'.format(str(e))) - - do_post_installation() - - if os.path.isfile(bk_file_path): - File(file_path, - action = "delete", - ) - Execute(('mv', bk_file_path, file_path), - sudo = True, - ) - else: - raise Fail('Ranger admin install.properties backup file doesnot exist') - -def do_post_installation(): - import params - - Logger.info('Performing Ranger post installation') + check_db_connnection() + + File(params.downloaded_custom_connector, + content = DownloadSource(params.driver_curl_source) + ) - file_path = format("{ranger_conf}/ranger_webserver.properties") - ranger_site = dict() - ranger_site['http.service.port'] = params.http_service_port - ranger_site['https.service.port'] = params.https_service_port - ranger_site['https.attrib.keystoreFile'] = params.https_attrib_keystoreFile - ranger_site['https.attrib.keystorePass'] = params.https_attrib_keystorePass - ranger_site['https.attrib.keyAlias'] = params.https_attrib_keyAlias - ranger_site['https.attrib.clientAuth'] = params.https_attrib_clientAuth - write_properties_to_file(file_path, ranger_site) + Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target), + path=["/bin", "/usr/bin/"], + not_if=format("test -f {driver_curl_target}"), + sudo=True) + + ModifyPropertiesFile(format("{ranger_home}/install.properties"), + properties = params.config['configurations']['admin-properties'] + ) - ranger_site.clear() + ##if db flavor == oracle - set oracle home env variable + if params.db_flavor.lower() == 'oracle' and params.oracle_home: + env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home} + else: + env_dict = {'JAVA_HOME': params.java_home} + + setup_sh = format("cd {ranger_home} && ") + as_sudo([format('{ranger_home}/setup.sh')]) + Execute(setup_sh, + environment=env_dict, + logoutput=True, + ) + + ModifyPropertiesFile(format("{ranger_conf}/xa_system.properties"), + properties = params.config['configurations']['ranger-site'], + ) - file_path = format("{ranger_conf}/xa_system.properties") - ranger_site['http.enabled'] = params.http_enabled - write_properties_to_file(file_path, ranger_site) - Logger.info('Performing Ranger post installation DONE') - File(format('{params.ranger_conf}/ranger_webserver.properties'), mode=0744) + ModifyPropertiesFile(format("{ranger_conf}/ranger_webserver.properties"), + properties = params.config['configurations']['ranger-site'], + mode=0744 + ) def setup_usersync(): import params - file_path = format("{usersync_home}/install.properties") - write_properties_to_file(file_path, usersync_properties()) + PropertiesFile(format("{usersync_home}/install.properties"), + properties = params.config['configurations']['usersync-properties'], + ) cmd = format("cd {usersync_home} && ") + as_sudo([format('{usersync_home}/setup.sh')]) Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True) - Execute(('chown', params.unix_user, params.usersync_start), - sudo = True, - ) - Execute(('chown', params.unix_user, params.usersync_stop), - sudo = True, + + File([params.usersync_start, params.usersync_stop], + owner = params.unix_user ) File(params.usersync_services_file, mode = 0755, ) -def write_properties_to_file(file_path, value): - for key in value: - modify_config(file_path, key, value[key]) - -def modify_config(filepath, variable, setting): - var_found = False - already_set = False - V = str(variable) - S = str(setting) - - if ' ' in S: - S = '%s' % S - - tmp_filepath = format("{tmp_dir}/temporary_ranger_config.properties") - # we need to copy so non-root user is able to read it. - File(tmp_filepath, - content = StaticFile(filepath), - ) - - for line in fileinput.input(tmp_filepath, inplace=1): - if not line.lstrip(' ').startswith('#') and '=' in line: - _infile_var = str(line.split('=')[0].rstrip(' ')) - _infile_set = str(line.split('=')[1].lstrip(' ').rstrip()) - if var_found == False and _infile_var.rstrip(' ') == V: - var_found = True - if _infile_set.lstrip(' ') == S: - already_set = True - else: - line = format("{V}={S}\n") - - sys.stdout.write(line) - - # copy it back - File(filepath, - content = StaticFile(tmp_filepath), - ) - - if not var_found: - Execute(format("echo '{V}={S}\\n' | ") + as_sudo(['tee', '-a', filepath])) - elif already_set == True: - pass - else: - pass - - return - -def admin_properties(): - import params - - admin_properties = dict() - - admin_properties['DB_FLAVOR'] = params.db_flavor - admin_properties['SQL_COMMAND_INVOKER'] = params.sql_command_invoker - admin_properties['SQL_CONNECTOR_JAR'] = params.sql_connector_jar - admin_properties['db_root_user'] = params.db_root_user - admin_properties['db_root_password'] = params.db_root_password - admin_properties['db_host'] = params.db_host - admin_properties['db_name'] = params.db_name - admin_properties['db_user'] = params.db_user - admin_properties['db_password'] = params.db_password - admin_properties['audit_db_name'] = params.audit_db_name - admin_properties['audit_db_user'] = params.audit_db_user - admin_properties['audit_db_password'] = params.audit_db_password - admin_properties['policymgr_external_url'] = params.policymgr_external_url - admin_properties['policymgr_http_enabled'] = params.policymgr_http_enabled - admin_properties['authentication_method'] = params.authentication_method - admin_properties['remoteLoginEnabled'] = params.remoteLoginEnabled - admin_properties['authServiceHostName'] = params.authServiceHostName - admin_properties['authServicePort'] = params.authServicePort - admin_properties['xa_ldap_url'] = params.xa_ldap_url - admin_properties['xa_ldap_userDNpattern'] = params.xa_ldap_userDNpattern - admin_properties['xa_ldap_groupSearchBase'] = params.xa_ldap_groupSearchBase - admin_properties['xa_ldap_groupSearchFilter'] = params.xa_ldap_groupSearchFilter - admin_properties['xa_ldap_groupRoleAttribute'] = params.xa_ldap_groupRoleAttribute - admin_properties['xa_ldap_ad_domain'] = params.xa_ldap_ad_domain - admin_properties['xa_ldap_ad_url'] = params.xa_ldap_ad_url - - return admin_properties - -def usersync_properties(): - import params - - usersync_properties = dict() - - usersync_properties['POLICY_MGR_URL'] = params.policymgr_external_url - - usersync_properties['SYNC_SOURCE'] = params.sync_source - usersync_properties['MIN_UNIX_USER_ID_TO_SYNC'] = params.min_unix_user_id_to_sync - usersync_properties['SYNC_INTERVAL'] = params.sync_interval - usersync_properties['SYNC_LDAP_URL'] = params.sync_ldap_url - usersync_properties['SYNC_LDAP_BIND_DN'] = params.sync_ldap_bind_dn - usersync_properties['SYNC_LDAP_BIND_PASSWORD'] = params.sync_ldap_bind_password - usersync_properties['CRED_KEYSTORE_FILENAME'] = params.cred_keystore_filename - usersync_properties['SYNC_LDAP_USER_SEARCH_BASE'] = params.sync_ldap_user_search_base - usersync_properties['SYNC_LDAP_USER_SEARCH_SCOPE'] = params.sync_ldap_user_search_scope - usersync_properties['SYNC_LDAP_USER_OBJECT_CLASS'] = params.sync_ldap_user_object_class - usersync_properties['SYNC_LDAP_USER_SEARCH_FILTER'] = params.sync_ldap_user_search_filter - usersync_properties['SYNC_LDAP_USER_NAME_ATTRIBUTE'] = params.sync_ldap_user_name_attribute - usersync_properties['SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE'] = params.sync_ldap_user_group_name_attribute - usersync_properties['SYNC_LDAP_USERNAME_CASE_CONVERSION'] = params.sync_ldap_username_case_conversion - usersync_properties['SYNC_LDAP_GROUPNAME_CASE_CONVERSION'] = params.sync_ldap_groupname_case_conversion - usersync_properties['logdir'] = params.logdir - - return usersync_properties - def check_db_connnection(): import params - db_root_password = params.db_root_password - db_root_user = params.db_root_user - db_host = params.db_host - sql_command_invoker = params.sql_command_invoker - db_flavor = params.db_flavor - cmd_str = "" Logger.info('Checking DB connection') - if db_flavor and db_flavor.lower() == 'mysql': - cmd_str = "\"" + sql_command_invoker + "\"" + " -u " + db_root_user + " --password=" + db_root_password + " -h " + db_host + " -s -e \"select version();\"" - elif db_flavor and db_flavor.lower() == 'oracle': - cmd_str = sql_command_invoker +" " + db_root_user + "/" + db_root_password + "@" + db_host + " AS SYSDBA" - status, output = get_status_output(cmd_str) - - if status == 0: - Logger.info('Checking DB connection DONE') - return True - else: - Logger.info( - 'Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host, DB administrative privileges configured for connectivity from the Ranger Admin host to the configured DB host/instance and the DB server up and running on the DB host.') - sys.exit(1) - -def get_status_output(cmd): - import subprocess + if params.db_flavor.lower() == 'mysql': + cmd = format('{sql_command_invoker} -u {db_root_user} --password={db_root_password} -h {db_host} -s -e "select version();"') + elif params.db_flavor.lower() == 'oracle': + cmd = format('{sql_command_invoker} {db_root_user}/{db_root_password}@{db_host} AS SYSDBA') - ret = subprocess.call(cmd, shell=True) - return ret, ret + try: + Execute(cmd) + except Fail as ex: + Logger.info(ex) + raise Fail('Ranger Admin installation Failed! Ranger requires DB client installed on Ranger Host, DB administrative privileges configured for connectivity from the Ranger Admin host to the configured DB host/instance and the DB server up and running on the DB host.') http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py index 84ffa01..4bff50f 100644 --- a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py +++ b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py @@ -17,29 +17,143 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ''' - -import sys -import os -from stacks.utils.RMFTestCase import RMFTestCase -from mock.mock import patch - +from mock.mock import MagicMock, patch +from stacks.utils.RMFTestCase import * class TestRangerAdmin(RMFTestCase): COMMON_SERVICES_PACKAGE_DIR = "RANGER/0.4.0/package" STACK_VERSION = "2.2" - def setUp(self): - sys.path.insert(0, os.path.join(os.getcwd(), "../../main/resources/common-services", self.COMMON_SERVICES_PACKAGE_DIR, "scripts")) - - @patch("setup_ranger.setup_ranger") - def test_upgrade(self, setup_ranger_mock): + def test_configure_default(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py", + classname = "RangerAdmin", + command = "configure", + config_file="default.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assert_configure_default() + self.assertNoMoreResources() + + def test_start_default(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py", + classname = "RangerAdmin", + command = "start", + config_file="default.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assert_configure_default() + self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-start', + not_if = 'ps -ef | grep proc_rangeradmin | grep -v grep', + user = 'ranger', + ) + self.assertNoMoreResources() + + def test_stop_default(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py", + classname = "RangerAdmin", + command = "stop", + config_file="default.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-stop', + user = 'ranger', + ) + self.assertNoMoreResources() + + def test_configure_secured(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py", + classname = "RangerAdmin", + command = "configure", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assert_configure_secured() + self.assertNoMoreResources() + + def test_start_secured(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py", + classname = "RangerAdmin", + command = "start", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assert_configure_secured() + self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-start', + not_if = 'ps -ef | grep proc_rangeradmin | grep -v grep', + user = 'ranger', + ) + self.assertNoMoreResources() + + def test_stop_secured(self): self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_admin.py", - classname = "RangerAdmin", - command = "restart", - config_file="ranger-admin-upgrade.json", - hdp_stack_version = self.STACK_VERSION, - target = RMFTestCase.TARGET_COMMON_SERVICES) + classname = "RangerAdmin", + command = "stop", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assertResourceCalled('Execute', '/usr/bin/ranger-admin-stop', + user = 'ranger', + ) + self.assertNoMoreResources() - self.assertTrue(setup_ranger_mock.called) - self.assertResourceCalled("Execute", "/usr/bin/ranger-admin-stop", user="ranger") - self.assertResourceCalled("Execute", "hdp-select set ranger-admin 2.2.2.0-2399") \ No newline at end of file + def assert_configure_default(self): + self.assertResourceCalled('Execute', 'mysql -u root --password=aa -h localhost -s -e "select version();"',) + self.assertResourceCalled('File', '/tmp/mysql-connector-java.jar', + content = DownloadSource('http://c6401.ambari.apache.org:8080/resources//mysql-jdbc-driver.jar'), + ) + self.assertResourceCalled('Execute', ('cp', + '--remove-destination', + '/tmp/mysql-connector-java.jar', + '/usr/share/java/mysql-connector-java.jar'), + not_if = 'test -f /usr/share/java/mysql-connector-java.jar', + sudo = True, + path = ['/bin', '/usr/bin/'], + ) + self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties', + properties = self.getConfig()['configurations']['admin-properties'], + ) + self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-admin && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-admin/setup.sh', + logoutput = True, + environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, + ) + self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/xa_system.properties', + properties = self.getConfig()['configurations']['ranger-site'], + ) + self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/ranger_webserver.properties', + mode = 0744, + properties = self.getConfig()['configurations']['ranger-site'] + ) + + def assert_configure_secured(self): + self.assertResourceCalled('Execute', 'mysql -u root --password=rootpassword -h localhost -s -e "select version();"',) + self.assertResourceCalled('File', '/tmp/mysql-connector-java.jar', + content = DownloadSource('http://c6401.ambari.apache.org:8080/resources//mysql-jdbc-driver.jar'), + ) + self.assertResourceCalled('Execute', ('cp', + '--remove-destination', + '/tmp/mysql-connector-java.jar', + '/usr/share/java/mysql-connector-java.jar'), + not_if = 'test -f /usr/share/java/mysql-connector-java.jar', + sudo = True, + path = ['/bin', '/usr/bin/'], + ) + self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties', + properties = self.getConfig()['configurations']['admin-properties'], + ) + self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-admin && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-admin/setup.sh', + logoutput = True, + environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, + ) + self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/xa_system.properties', + properties = self.getConfig()['configurations']['ranger-site'], + ) + self.assertResourceCalled('ModifyPropertiesFile', '/etc/ranger/admin/conf/ranger_webserver.properties', + mode = 0744, + properties = self.getConfig()['configurations']['ranger-site'] + ) http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py index 74f9ce8..249ecbd 100644 --- a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py +++ b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py @@ -17,22 +17,91 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ''' +from mock.mock import MagicMock, patch +from stacks.utils.RMFTestCase import * -import sys -import os -from stacks.utils.RMFTestCase import RMFTestCase -from mock.mock import patch - - -class TestRangerUserSync(RMFTestCase): +class TestRangerUsersync(RMFTestCase): COMMON_SERVICES_PACKAGE_DIR = "RANGER/0.4.0/package" STACK_VERSION = "2.2" - def setUp(self): - sys.path.insert(0, os.path.join(os.getcwd(), - "../../main/resources/common-services", self.COMMON_SERVICES_PACKAGE_DIR, - "scripts")) - + def test_configure_default(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py", + classname = "RangerUsersync", + command = "configure", + config_file="default.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assert_configure_default() + self.assertNoMoreResources() + + def test_start_default(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py", + classname = "RangerUsersync", + command = "start", + config_file="default.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assert_configure_default() + self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-start',), + not_if = 'ps -ef | grep proc_rangerusersync | grep -v grep', + sudo = True, + ) + self.assertNoMoreResources() + + def test_stop_default(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py", + classname = "RangerUsersync", + command = "stop", + config_file="default.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-stop',), + sudo = True, + ) + self.assertNoMoreResources() + + def test_configure_secured(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py", + classname = "RangerUsersync", + command = "configure", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assert_configure_secured() + self.assertNoMoreResources() + + def test_start_secured(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py", + classname = "RangerUsersync", + command = "start", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assert_configure_secured() + self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-start',), + not_if = 'ps -ef | grep proc_rangerusersync | grep -v grep', + sudo = True, + ) + self.assertNoMoreResources() + + def test_stop_secured(self): + self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py", + classname = "RangerUsersync", + command = "stop", + config_file="secured.json", + hdp_stack_version = self.STACK_VERSION, + target = RMFTestCase.TARGET_COMMON_SERVICES + ) + self.assertResourceCalled('Execute', ('/usr/bin/ranger-usersync-stop',), + sudo = True, + ) + self.assertNoMoreResources() + @patch("setup_ranger.setup_usersync") def test_upgrade(self, setup_usersync_mock): self.executeScript(self.COMMON_SERVICES_PACKAGE_DIR + "/scripts/ranger_usersync.py", @@ -44,4 +113,40 @@ class TestRangerUserSync(RMFTestCase): self.assertTrue(setup_usersync_mock.called) self.assertResourceCalled("Execute", ("/usr/bin/ranger-usersync-stop",), sudo=True) - self.assertResourceCalled("Execute", "hdp-select set ranger-usersync 2.2.2.0-2399") \ No newline at end of file + self.assertResourceCalled("Execute", "hdp-select set ranger-usersync 2.2.2.0-2399") + + def assert_configure_default(self): + self.assertResourceCalled('PropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties', + properties = self.getConfig()['configurations']['usersync-properties'], + ) + self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-usersync && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-usersync/setup.sh', + logoutput = True, + environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, + ) + self.assertResourceCalled('File', '/usr/bin/ranger-usersync-start', + owner = 'ranger', + ) + self.assertResourceCalled('File', '/usr/bin/ranger-usersync-stop', + owner = 'ranger', + ) + self.assertResourceCalled('File', '/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh', + mode = 0755, + ) + + def assert_configure_secured(self): + self.assertResourceCalled('PropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties', + properties = self.getConfig()['configurations']['usersync-properties'], + ) + self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-usersync && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-usersync/setup.sh', + logoutput = True, + environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, + ) + self.assertResourceCalled('File', '/usr/bin/ranger-usersync-start', + owner = 'ranger', + ) + self.assertResourceCalled('File', '/usr/bin/ranger-usersync-stop', + owner = 'ranger', + ) + self.assertResourceCalled('File', '/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh', + mode = 0755, + ) http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/test/python/stacks/2.2/configs/default.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/configs/default.json b/ambari-server/src/test/python/stacks/2.2/configs/default.json index 892cdd3..c67eda4 100644 --- a/ambari-server/src/test/python/stacks/2.2/configs/default.json +++ b/ambari-server/src/test/python/stacks/2.2/configs/default.json @@ -31,6 +31,89 @@ "taskId": 152, "public_hostname": "c6401.ambari.apache.org", "configurations": { + "admin-properties": { + "authentication_method": "UNIX", + "db_root_user": "root", + "xa_ldap_groupSearchBase": "\"ou=groups,dc=xasecure,dc=net\"", + "audit_db_name": "ranger_audit", + "xa_ldap_ad_domain": "\"xasecure.net\"", + "remoteLoginEnabled": "true", + "SQL_CONNECTOR_JAR": "/usr/share/java/mysql-connector-java.jar", + "xa_ldap_userDNpattern": "\"uid={0},ou=users,dc=xasecure,dc=net\"", + "SQL_COMMAND_INVOKER": "mysql", + "db_user": "rangeradmin", + "db_password": "aa", + "authServicePort": "5151", + "audit_db_password": "aa", + "DB_FLAVOR": "MYSQL", + "audit_db_user": "rangerlogger", + "db_root_password": "aa", + "xa_ldap_url": "\"ldap://71.127.43.33:389\"", + "db_name": "ranger", + "xa_ldap_groupSearchFilter": "\"(member=uid={0},ou=users,dc=xasecure,dc=net)\"", + "authServiceHostName": "localhost", + "xa_ldap_ad_url": "\"ldap://ad.xasecure.net:389\"", + "policymgr_external_url": "http://localhost:6080", + "policymgr_http_enabled": "true", + "db_host": "localhost", + "xa_ldap_groupRoleAttribute": "\"cn\"" + }, + "ranger-site": { + "http.enabled": "true", + "http.service.port": "6080", + "https.attrib.keystorePass": "ranger", + "https.attrib.clientAuth": "want", + "https.attrib.keystoreFile": "/etc/ranger/admin/keys/server.jks", + "https.service.port": "6182", + "https.attrib.keyAlias": "myKey" + }, + "usersync-properties": { + "SYNC_INTERVAL": "1", + "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower", + "SYNC_LDAP_USER_SEARCH_FILTER": "-", + "SYNC_LDAP_URL": "ldap://localhost:389", + "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower", + "SYNC_LDAP_USER_SEARCH_SCOPE": "sub", + "SYNC_LDAP_BIND_PASSWORD": "admin321", + "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn", + "MIN_UNIX_USER_ID_TO_SYNC": "1000", + "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net", + "SYNC_LDAP_USER_OBJECT_CLASS": "person", + "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks", + "SYNC_SOURCE": "unix", + "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net", + "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof", + "logdir": "logs" + }, + "usersync-properties": { + "SYNC_INTERVAL": "1", + "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower", + "SYNC_LDAP_USER_SEARCH_FILTER": "-", + "SYNC_LDAP_URL": "ldap://localhost:389", + "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower", + "SYNC_LDAP_USER_SEARCH_SCOPE": "sub", + "SYNC_LDAP_BIND_PASSWORD": "admin321", + "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn", + "MIN_UNIX_USER_ID_TO_SYNC": "1000", + "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net", + "SYNC_LDAP_USER_OBJECT_CLASS": "person", + "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks", + "SYNC_SOURCE": "unix", + "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net", + "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof", + "logdir": "logs" + }, + "ranger-env": { + "ranger_group": "ranger", + "ranger_admin_log_dir": "/var/log/ranger/admin", + "oracle_home": "-", + "admin_username": "admin", + "ranger_user": "ranger", + "ranger_admin_username": "amb_ranger_admin", + "admin_password": "admin", + "ranger_admin_password": "aa", + "ranger_usersync_log_dir": "/var/log/ranger/usersync" + }, "spark-defaults": { "spark.yarn.applicationMaster.waitTries": "10", "spark.history.kerberos.keytab": "none", http://git-wip-us.apache.org/repos/asf/ambari/blob/d445eed5/ambari-server/src/test/python/stacks/2.2/configs/secured.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/configs/secured.json b/ambari-server/src/test/python/stacks/2.2/configs/secured.json index 62f10a2..5bd8814 100644 --- a/ambari-server/src/test/python/stacks/2.2/configs/secured.json +++ b/ambari-server/src/test/python/stacks/2.2/configs/secured.json @@ -30,6 +30,100 @@ "taskId": 152, "public_hostname": "c6401.ambari.apache.org", "configurations": { + "ranger-env": { + "ranger_group": "ranger", + "ranger_admin_password": "ambari123", + "oracle_home": "-", + "admin_username": "admin", + "ranger_user": "ranger", + "ranger_admin_username": "amb_ranger_admin", + "admin_password": "admin", + "ranger_admin_log_dir": "/var/log/ranger/admin", + "ranger_usersync_log_dir": "/var/log/ranger/usersync" + }, + "admin-properties": { + "db_password": "admin", + "db_root_user": "root", + "xa_ldap_groupSearchBase": "\"ou=groups,dc=xasecure,dc=net\"", + "xa_ldap_ad_domain": "\"xasecure.net\"", + "SQL_COMMAND_INVOKER": "mysql", + "SQL_CONNECTOR_JAR": "/usr/share/java/mysql-connector-java.jar", + "xa_ldap_userDNpattern": "\"uid={0},ou=users,dc=xasecure,dc=net\"", + "remoteLoginEnabled": "true", + "audit_db_name": "ranger_audit", + "ambari_user_password": "admin", + "authServicePort": "5151", + "audit_db_password": "admin", + "DB_FLAVOR": "MYSQL", + "audit_db_user": "rangerlogger", + "xa_ldap_groupRoleAttribute": "\"cn\"", + "xa_ldap_url": "\"ldap://71.127.43.33:389\"", + "db_name": "ranger", + "authentication_method": "UNIX", + "xa_ldap_groupSearchFilter": "\"(member=uid={0},ou=users,dc=xasecure,dc=net)\"", + "policymgr_http_enabled": "true", + "authServiceHostName": "localhost", + "xa_ldap_ad_url": "\"ldap://ad.xasecure.net:389\"", + "unix_group": "ranger", + "policymgr_external_url": "http://localhost:6080", + "db_user": "rangeradmin", + "db_host": "localhost", + "unix_user": "ranger", + "db_root_password": "rootpassword" + }, + "ranger-hdfs-plugin-properties": { + "XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS": "900", + "XAAUDIT.HDFS.DESTINATION_DIRECTORY": "hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%", + "POLICY_USER": "ambari-qa", + "XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit", + "common.name.for.certificate": "-", + "XAAUDIT.HDFS.IS_ENABLED": "false", + "XAAUDIT.HDFS.LOCAL_BUFFER_FILE": "%time:yyyyMMdd-HHmm.ss%.log", + "SSL_KEYSTORE_PASSWORD": "myKeyFilePassword", + "XAAUDIT.DB.IS_ENABLED": "true", + "XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS": "600", + "hadoop.rpc.protection": "-", + "ranger-hdfs-plugin-enabled": "No", + "SSL_KEYSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-keystore.jks", + "XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS": "60", + "policy_user": "ambari-qa", + "XAAUDIT.HDFS.DESTINTATION_FILE": "%hostname%-audit.log", + "XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS": "86400", + "XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT": "10", + "SSL_TRUSTSTORE_PASSWORD": "changeit", + "XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY": "__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive", + "REPOSITORY_CONFIG_USERNAME": "hadoop", + "XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS": "60", + "SSL_TRUSTSTORE_FILE_PATH": "/etc/hadoop/conf/ranger-plugin-truststore.jks", + "REPOSITORY_CONFIG_PASSWORD": "hadoop" + }, + "ranger-site": { + "HTTPS_KEYSTORE_FILE": "/etc/ranger/admin/keys/server.jks", + "HTTPS_CLIENT_AUTH": "want", + "HTTPS_SERVICE_PORT": "6182", + "HTTPS_KEY_ALIAS": "myKey", + "HTTPS_KEYSTORE_PASS": "ranger", + "HTTP_ENABLED": "true", + "HTTP_SERVICE_PORT": "6080" + }, + "usersync-properties": { + "SYNC_INTERVAL": "1", + "SYNC_LDAP_USERNAME_CASE_CONVERSION": "lower", + "SYNC_LDAP_USER_SEARCH_FILTER": "-", + "SYNC_LDAP_URL": "ldap://localhost:389", + "SYNC_LDAP_GROUPNAME_CASE_CONVERSION": "lower", + "SYNC_LDAP_USER_SEARCH_SCOPE": "sub", + "SYNC_LDAP_BIND_PASSWORD": "admin321", + "SYNC_LDAP_USER_NAME_ATTRIBUTE": "cn", + "MIN_UNIX_USER_ID_TO_SYNC": "1000", + "SYNC_LDAP_USER_SEARCH_BASE": "ou=users,dc=xasecure,dc=net", + "logdir": "logs", + "CRED_KEYSTORE_FILENAME": "/usr/lib/xausersync/.jceks/xausersync.jceks", + "SYNC_SOURCE": "unix", + "SYNC_LDAP_BIND_DN": "cn=admin,dc=xasecure,dc=net", + "SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE": "memberof,ismemberof", + "SYNC_LDAP_USER_OBJECT_CLASS": "person" + }, "spark-defaults": { "spark.yarn.applicationMaster.waitTries": "10", "spark.history.kerberos.keytab": "/etc/security/keytabs/spark.service.keytab",