Repository: ambari Updated Branches: refs/heads/trunk 9c570b859 -> e50a2ac31
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
new file mode 100644
index 0000000..020c2b1
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml
@@ -0,0 +1,281 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<configuration supports_final="true"> + + <property> + <name>ranger.usersync.port</name> + <value>5151</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ssl</name> + <value>true</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.keystore.file</name> + <value>./conf/cert/unixauthservice.jks</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.keystore.password</name> + <value>UnIx529p</value> + <property-type>PASSWORD</property-type> + <description></description> + </property> + + <property> + <name>ranger.usersync.truststore.file</name> + <value>./conf/cert/mytruststore.jks</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.truststore.password</name> + <value>changeit</value> + <property-type>PASSWORD</property-type> + <description></description> + </property> + + <property> + <name>ranger.usersync.passwordvalidator.path</name> + <value>./native/credValidator.uexe</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.enabled</name> + 
<value>true</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.sink.impl.class</name> + <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.policymanager.baseURL</name> + <value>{{ranger_external_url}}</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.policymanager.maxrecordsperapicall</name> + <value>1000</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.policymanager.mockrun</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.unix.minUserId</name> + <value>500</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name> + <value>5</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.source.impl.class</name> + <value>org.apache.ranger.unixusersync.process.UnixUserGroupBuilder</value> + <description>For Ldap: org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder, For Unix: org.apache.ranger.unixusersync.process.UnixUserGroupBuilder, org.apache.ranger.unixusersync.process.FileSourceUserGroupBuilder</description> + </property> + + <property> + <name>ranger.usersync.filesource.file</name> + <value>/tmp/usergroup.txt</value> + <description>/tmp/usergroup.json or /tmp/usergroup.csv or /tmp/usergroup.txt</description> + </property> + + <property> + <name>ranger.usersync.filesource.text.delimiter</name> + <value>,</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.url</name> + <value>ldap://localhost:389</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.binddn</name> + <value>cn=admin,dc=xasecure,dc=net</value> + <description></description> + </property> + + <property> + 
<name>ranger.usersync.ldap.ldapbindpassword</name> + <value>admin321</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.bindalias</name> + <value>testldapalias</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.bindkeystore</name> + <value>-</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.searchBase</name> + <value>dc=hadoop,dc=apache,dc=org</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.user.searchbase</name> + <value>ou=users,dc=xasecure,dc=net</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.user.searchscope</name> + <value>sub</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.user.objectclass</name> + <value>person</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.user.searchfilter</name> + <value>empty</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.user.nameattribute</name> + <value>cn</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.user.groupnameattribute</name> + <value>memberof, ismemberof</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.username.caseconversion</name> + <value>lower</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.ldap.groupname.caseconversion</name> + <value>lower</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.logdir</name> + <value>/var/log/ranger/usersync</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.group.searchenabled</name> + <value>false</value> + <description></description> + </property> + + <property> + 
<name>ranger.usersync.group.usermapsyncenabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.group.searchbase</name> + <value>ou=groups,dc=hadoop,dc=apache,dc=org</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.group.searchscope</name> + <value>sub</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.group.objectclass</name> + <value>groupofnames</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.group.searchfilter</name> + <value>empty</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.group.nameattribute</name> + <value>cn</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.group.memberattributename</name> + <value>member</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.pagedresultsenabled</name> + <value>true</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.pagedresultssize</name> + <value>500</value> + <description></description> + </property> + + <property> + <name>ranger.usersync.credstore.filename</name> + <value>/etc/ranger/usersync/ugsync.jceks</value> + <description></description> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/usersync-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/usersync-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/usersync-properties.xml new file mode 100644 index 0000000..6196f89 --- /dev/null 
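Review bot: `ranger.usersync.ldap.ldapbindpassword` ships with the literal value `admin321` and, unlike the keystore and truststore passwords earlier in this file, carries no `<property-type>PASSWORD</property-type>`, so it is presumably handled as an ordinary visible property rather than a masked one. Adding that element and leaving `<value></value>` empty would make the operator supply a real secret instead of inheriting one that is now public in the repository; the same goes for the `UnIx529p` and `changeit` defaults. The pattern recurs in usersync-properties.xml (`SYNC_LDAP_BIND_PASSWORD`), in ranger-storm-policymgr-ssl.xml (both `clientssl` passwords, neither typed as PASSWORD) and in the untyped `jdbc.password` entry of ranger-storm-audit.xml. Separately, `ranger.usersync.filesource.file` defaults to `/tmp/usergroup.txt`, a world-writable directory for a file that feeds user and group membership into Ranger.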
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/usersync-properties.xml 
@@ -0,0 +1,108 @@ +<?xml version="1.0" encoding="UTF-8"?> +<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration supports_final="false" supports_do_not_extend="true"> + <property> + <name>SYNC_SOURCE</name> + <value>unix</value> + <description></description> + </property> + <property> + <name>MIN_UNIX_USER_ID_TO_SYNC</name> + <value>1000</value> + <description></description> + </property> + <property> + <name>POLICY_MGR_URL</name> + <value>{{usersync_exturl}}</value> + <description>Policy Manager external url</description> + </property> + <property> + <name>SYNC_INTERVAL</name> + <value>1</value> + <description></description> + </property> + <property> + <name>SYNC_LDAP_URL</name> + <value>ldap://localhost:389</value> + <description>a sample value would be: ldap://ldap.example.com:389</description> + </property> + <property> + <name>SYNC_LDAP_BIND_DN</name> + <value>cn=admin,dc=xasecure,dc=net</value> + <description>a sample value would be cn=admin,ou=users,dc=hadoop,dc=apache,dc-org</description> + </property> + <property> + <name>SYNC_LDAP_BIND_PASSWORD</name> + <value>admin321</value> + <description></description> + </property> 
+ <property> + <name>CRED_KEYSTORE_FILENAME</name> + <value>/usr/lib/xausersync/.jceks/xausersync.jceks</value> + <description></description> + </property> + <property> + <name>SYNC_LDAP_USER_SEARCH_BASE</name> + <value>ou=users,dc=xasecure,dc=net</value> + <description>sample value would be ou=users,dc=hadoop,dc=apache,dc=org</description> + </property> + <property> + <name>SYNC_LDAP_USER_SEARCH_SCOPE</name> + <value>sub</value> + <description>default value: sub</description> + </property> + <property> + <name>SYNC_LDAP_USER_OBJECT_CLASS</name> + <value>person</value> + <description>default value: person</description> + </property> + <property> + <name>SYNC_LDAP_USER_SEARCH_FILTER</name> + <value>-</value> + <description>default value is empty</description> + </property> + <property> + <name>SYNC_LDAP_USER_NAME_ATTRIBUTE</name> + <value>cn</value> + <description>default value: cn</description> + </property> + <property> + <name>SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE</name> + <value>memberof,ismemberof</value> + <description></description> + </property> + <property> + <name>SYNC_LDAP_USERNAME_CASE_CONVERSION</name> + <value>lower</value> + <description>possible values: none, lower, upper</description> + </property> + <property> + <name>SYNC_LDAP_GROUPNAME_CASE_CONVERSION</name> + <value>lower</value> + <description>possible values: none, lower, upper</description> + </property> + <property> + <name>logdir</name> + <value>logs</value> + <description>user sync log path</description> + </property> +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/metainfo.xml index e66bee3..a13fabf 100644 
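Review bot: The defaults here disagree with ranger-ugsync-site.xml, added in the same commit, for what look like the same settings: `MIN_UNIX_USER_ID_TO_SYNC` is `1000` against `ranger.usersync.unix.minUserId` `500`, `SYNC_LDAP_USER_SEARCH_FILTER` is `-` against the literal `empty`, and `CRED_KEYSTORE_FILENAME` is `/usr/lib/xausersync/.jceks/xausersync.jceks` against `/etc/ranger/usersync/ugsync.jceks`. If both files are rendered for the same usersync process, the diff does not show which one wins, and the minimum-UID value decides which local accounts are synced into Ranger. The values should be aligned, or a comment at the top of this file should state which of the two is authoritative for the 2.3 stack. The `SYNC_LDAP_BIND_DN` description also has a typo, `dc-org` for `dc=org`.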
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/metainfo.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/metainfo.xml @@ -23,7 +23,10 @@ <services> <service> <name>RANGER</name> + <displayName>Ranger</displayName> + <comment>Comprehensive security for Hadoop</comment> <version>0.5.0.2.3</version> + <osSpecifics> <osSpecific> <osFamily>redhat7,redhat6,suse11</osFamily> @@ -49,6 +52,11 @@ </osSpecific> </osSpecifics> + <configuration-dependencies> + <config-type>ranger-admin-site</config-type> + <config-type>ranger-ugsync-site</config-type> + </configuration-dependencies> + </service> </services> </metainfo> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml new file mode 100644 index 0000000..bb7fc43 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml 
@@ -0,0 +1,270 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.is.enabled</name> + <value>true</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.is.async</name> + <value>true</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.async.max.queue.size</name> + <value>10240</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.async.max.flush.interval.ms</name> + <value>30000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.batch.size</name> + <value>100</value> + <description></description> + </property> + + + <property> + <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name> + <value>jdbc:{{xa_audit_db_flavor}}://{{xa_db_host}}/{{xa_audit_db_name}}</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name> + <value>{{xa_audit_db_user}}</value> + 
<description></description> + </property> + + <property> + <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name> + <value>crypted</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name> + <value>com.mysql.jdbc.Driver</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <value>jceks://file/{{credential_file}}</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.is.async</name> + <value>true</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.async.max.queue.size</name> + <value>1048576</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name> + <value>30000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.encoding</name> + <value></value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.directory</name> + <value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.file</name> + <value>%hostname%-audit.log</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name> + <value>900</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name> + <value>86400</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name> + <value>60</value> + 
<description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.buffer.directory</name> + <value>/var/log/storm/audit</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.buffer.file</name> + <value>%time:yyyyMMdd-HHmm.ss%.log</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name> + <value>8192</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name> + <value>60</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name> + <value>600</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.archive.directory</name> + <value>/var/log/storm/audit/archive</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.archive.max.file.count</name> + <value>10</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.log4j.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.log4j.is.async</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.log4j.async.max.queue.size</name> + <value>10240</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.log4j.async.max.flush.interval.ms</name> + <value>30000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.kafka.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.kafka.async.max.queue.size</name> + <value>1</value> + <description></description> + </property> + + <property> + 
<name>xasecure.audit.kafka.async.max.flush.interval.ms</name> + <value>1000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.kafka.broker_list</name> + <value>localhost:9092</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.kafka.topic_name</name> + <value>ranger_audits</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.solr.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.solr.async.max.queue.size</name> + <value>1</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.solr.async.max.flush.interval.ms</name> + <value>1000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.solr.solr_url</name> + <value>http://localhost:6083/solr/ranger_audits</value> + <description></description> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-plugin-properties.xml index 4d5750d..f2bf888 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-plugin-properties.xml 
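Review bot: `xasecure.audit.is.enabled` is `true`, but every destination switch in this file (the `db`, `hdfs`, `log4j`, `kafka` and `solr` `.is.enabled` properties) defaults to `false`, so as shipped the Storm plugin appears to have auditing turned on with nowhere to write events. Unless another layer flips one of these at install time, which this diff does not show, access decisions would leave no trail; enabling one destination by default, or saying so in a `<description>`, would make that explicit. The descriptions are all empty, the HDFS destination keeps the literal `NAMENODE_HOST` rather than a `{{...}}` template variable, and `xasecure.audit.solr.solr_url` uses plain `http://`, so each of those deserves a description telling the operator what to change. ranger-yarn-audit.xml carries the same defaults in the part of it visible here.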
@@ -21,27 +21,128 @@ <configuration supports_final="true"> <property> - <name>XAAUDIT.SOLR.IS_ENABLED</name> - <value>false</value> - <description></description> + <name>XAAUDIT.DB.IS_ENABLED</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.IS_ENABLED</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_QUEUE_SIZE</name> - <value>1</value> - <description></description> + <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS</name> - <value>1000</value> - <description></description> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.SOLR_URL</name> - <value>http://localhost:6083/solr/ranger_audits</value> - <description></description> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FILE</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_KEYSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + 
<name>SSL_KEYSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>POLICY_MGR_URL</name> + <deleted>true</deleted> + </property> + + <property> + <name>SQL_CONNECTOR_JAR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.FLAVOUR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.DATABASE_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.USER_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.HOSTNAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>REPOSITORY_NAME</name> + <deleted>true</deleted> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml new file mode 100644 index 0000000..6e4a10c --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml 
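Review bot: Four of the names marked `<deleted>true</deleted>` are spelled `DESTINTATION` (`XAAUDIT.HDFS.DESTINTATION_FILE` and the three `DESTINTATION_*_INTERVAL_SECONDS` entries). If that matches the spelling of the inherited properties, the deletion works only as long as nobody corrects it, and a comment such as `<!-- spelling matches the inherited property name; do not correct -->` above the first of them would protect it. If the inherited names are spelled `DESTINATION`, these entries delete nothing and the old HDFS audit settings stay in the stack. The inherited definitions are outside this diff, so this needs checking against the parent stack's file.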
@@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.policymgr.clientssl.keystore</name> + <value>/etc/storm/conf/ranger-plugin-keystore.jks</value> + <description>Java Keystore files</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.keystore.password</name> + <value>myKeyFilePassword</value> + <description>password for keystore</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore</name> + <value>/etc/storm/conf/ranger-plugin-truststore.jks</value> + <description>java truststore file</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore.password</name> + <value>changeit</value> + <description>java truststore password</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.keystore.credential.file</name> + <value>jceks://file/{{credential_file}}</value> + <description>java keystore credential file</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore.credential.file</name> + <value>jceks://file/{{credential_file}}</value> + <description>java truststore 
credential file</description> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml new file mode 100644 index 0000000..538f147 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-security.xml 
@@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.storm.service.name</name> + <value>{{repo_name}}</value> + <description>Name of the Ranger service containing policies for this Storm instance</description> + </property> + + <property> + <name>ranger.plugin.storm.policy.source.impl</name> + <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> + <description>Class to retrieve policies from the source</description> + </property> + + <property> + <name>ranger.plugin.storm.policy.rest.url</name> + <value>{{policymgr_mgr_url}}</value> + <description>URL to Ranger Admin</description> + </property> + + <property> + <name>ranger.plugin.storm.policy.rest.ssl.config.file</name> + <value>/etc/storm/conf/ranger-policymgr-ssl.xml</value> + <description>Path to the file containing SSL details to contact Ranger Admin</description> + </property> + + <property> + <name>ranger.plugin.storm.policy.pollIntervalMs</name> + <value>30000</value> + <description>How often to poll for changes in policies?</description> + </property> + + <property> + <name>ranger.plugin.storm.policy.cache.dir</name> + 
<value>/etc/ranger/{{repo_name}}/policycache</value> + <description>Directory where Ranger policies are cached after successful retrieval from the source</description> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml new file mode 100644 index 0000000..3895e13 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml 
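Review bot: `ranger.plugin.storm.policy.rest.ssl.config.file` points at `/etc/storm/conf/ranger-policymgr-ssl.xml`, while the config type added alongside it in this commit is named `ranger-storm-policymgr-ssl`. If the generated file takes its name from the config type, the plugin would look for its keystore and truststore settings in a file that does not exist; the script that writes the file is not part of this diff, so the name it uses needs confirming. Either way, a short comment next to the value naming the config type that produces that file would save the next reader the search.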
@@ -0,0 +1,270 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.batch.size</name>
+ <value>100</value>
+ <description></description>
+ </property>
+
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+ <value>jdbc:{{xa_audit_db_flavor}}://{{xa_db_host}}/{{xa_audit_db_name}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+ <value>{{xa_audit_db_user}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+ <value>crypted</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.credential.provider.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.queue.size</name>
+ <value>1048576</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.encoding</name>
+ <value></value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.directory</name>
+ <value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.file</name>
+ <value>%hostname%-audit.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
+ <value>900</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
+ <value>86400</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.directory</name>
+ <value>/var/log/yarn/audit</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file</name>
+ <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
+ <value>8192</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
+ <value>600</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.directory</name>
+ <value>/var/log/yarn/audit/archive</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
+ <value>10</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.async</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.broker_list</name>
+ <value>localhost:9092</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.topic_name</name>
+ <value>ranger_audits</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.solr_url</name>
+ <value>http://localhost:6083/solr/ranger_audits</value>
+ <description></description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
new file mode 100644
index 0000000..3197232
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml
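Review bot: `xasecure.audit.jpa.javax.persistence.jdbc.driver` is fixed to `com.mysql.jdbc.Driver` while the JDBC URL in the same file is built from `{{xa_audit_db_flavor}}`, so any flavor other than MySQL yields a URL and a driver that do not match and the DB audit sink would presumably fail to connect. The driver should be templated the same way as the URL, or at least documented, e.g. `<description>JDBC driver class; must match the database flavor used in xasecure.audit.jpa.javax.persistence.jdbc.url</description>`. Every `<description>` in this file is empty, which matters most for the five `*.is.enabled` sink switches (db, hdfs, log4j, kafka, solr): they all default to `false` while `xasecure.audit.is.enabled` is `true`, so unless the install scripts override them (not visible here) audit events have no destination. A one-line description on each switch naming the sink it controls would make that default visible to the operator.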
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+ <description>Java Keystore files</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <description>password for keystore</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+ <description>java truststore file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <description>java truststore password</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java keystore credential file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java truststore credential file</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
new file mode 100644
index 0000000..703db95
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-security.xml
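Review bot: `xasecure.policymgr.clientssl.keystore.password` and `xasecure.policymgr.clientssl.truststore.password` are declared without `<property-type>PASSWORD</property-type>`, although ranger-ugsync-site.xml in this same commit marks its keystore and truststore passwords that way; without the type these values are presumably treated as ordinary text properties and shown and stored unmasked. Add `<property-type>PASSWORD</property-type>` to both properties. The shipped defaults `myKeyFilePassword` and `changeit` are widely known sample values, so the descriptions should state that they must be replaced per cluster, and, if the real secret is meant to come from the `jceks://file/{{credential_file}}` store referenced by the two `credential.file` properties, say so explicitly.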
@@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.yarn.service.name</name> + <value>{{repo_name}}</value> + <description>Name of the Ranger service containing policies for this Yarn instance</description> + </property> + + <property> + <name>ranger.plugin.yarn.policy.source.impl</name> + <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> + <description>Class to retrieve policies from the source</description> + </property> + + <property> + <name>ranger.plugin.yarn.policy.rest.url</name> + <value>{{policymgr_mgr_url}}</value> + <description>URL to Ranger Admin</description> + </property> + + <property> + <name>ranger.plugin.yarn.policy.rest.ssl.config.file</name> + <value>/etc/yarn/conf/ranger-policymgr-ssl.xml</value> + <description>Path to the file containing SSL details to contact Ranger Admin</description> + </property> + + <property> + <name>ranger.plugin.yarn.policy.pollIntervalMs</name> + <value>30000</value> + <description>How often to poll for changes in policies?</description> + </property> + + <property> + <name>ranger.plugin.yarn.policy.cache.dir</name> + 
<value>/etc/ranger/{{repo_name}}/policycache</value> + <description>Directory where Ranger policies are cached after successful retrieval from the source</description> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/test/python/stacks/2.2/configs/default.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/configs/default.json b/ambari-server/src/test/python/stacks/2.2/configs/default.json index 8188928..8c85311 100644 --- a/ambari-server/src/test/python/stacks/2.2/configs/default.json +++ b/ambari-server/src/test/python/stacks/2.2/configs/default.json @@ -112,7 +112,8 @@ "ranger_admin_username": "amb_ranger_admin", "admin_password": "admin", "ranger_admin_password": "aa", - "ranger_usersync_log_dir": "/var/log/ranger/usersync" + "ranger_usersync_log_dir": "/var/log/ranger/usersync", + "xml_configurations_supported" : "false" }, "spark-defaults": { "spark.yarn.applicationMaster.waitTries": "10", http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json b/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json index 4e8e942..3e6307d 100644 --- a/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json +++ b/ambari-server/src/test/python/stacks/2.2/configs/ranger-admin-upgrade.json 
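Review bot: `ranger.plugin.yarn.policy.rest.ssl.config.file` points at `/etc/yarn/conf/ranger-policymgr-ssl.xml`, but the companion ranger-yarn-policymgr-ssl.xml added in this commit keeps its keystore and truststore under `/etc/hadoop/conf/`, and the stack file itself is named `ranger-yarn-policymgr-ssl.xml`. If the rendered SSL file does not land at exactly this path, the plugin has no client SSL settings for contacting Ranger Admin, so the value should be checked against where the install scripts write the file (not visible in this hunk). The description could carry that constraint: `<description>Path to the SSL client config for Ranger Admin; must match the location the YARN plugin setup writes ranger-policymgr-ssl.xml to</description>`.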
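Review bot: `xml_configurations_supported` is added as the string `"false"` in stacks/2.2/configs/default.json and ranger-usersync-upgrade.json, as the boolean `false` in ranger-admin-upgrade.json and secured.json, and as the string `"true"` in stacks/2.3/configs/default.json. If the Python params code tests the value for truthiness, the string `"false"` is truthy and the 2.2 fixtures would exercise the XML-configuration path; the consuming code is not shown in this diff, so that needs confirming. Use one representation in all five fixtures, matching what the server actually sends, e.g. `"xml_configurations_supported": false`. The ranger-admin-upgrade.json hunk also appears to add a stray blank line before the closing `},`.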
@@ -171,7 +171,9 @@ "ranger_admin_username": "amb_ranger_admin", "admin_password": "admin", "ranger_admin_log_dir": "/var/log/ranger/admin", - "ranger_usersync_log_dir": "/var/log/ranger/usersync" + "ranger_usersync_log_dir": "/var/log/ranger/usersync", + "xml_configurations_supported" : false + }, "spark-javaopts-properties": { "content": " " http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json b/ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json index a20fc37..caec8ca 100644 --- a/ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json +++ b/ambari-server/src/test/python/stacks/2.2/configs/ranger-usersync-upgrade.json @@ -171,7 +171,8 @@ "ranger_admin_username": "amb_ranger_admin", "admin_password": "admin", "ranger_admin_log_dir": "/var/log/ranger/admin", - "ranger_usersync_log_dir": "/var/log/ranger/usersync" + "ranger_usersync_log_dir": "/var/log/ranger/usersync", + "xml_configurations_supported" : "false" }, "spark-javaopts-properties": { "content": " " http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/test/python/stacks/2.2/configs/secured.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/configs/secured.json b/ambari-server/src/test/python/stacks/2.2/configs/secured.json index e224ebc..dc674fe 100644 --- a/ambari-server/src/test/python/stacks/2.2/configs/secured.json +++ b/ambari-server/src/test/python/stacks/2.2/configs/secured.json 
@@ -39,7 +39,8 @@ "ranger_admin_username": "amb_ranger_admin", "admin_password": "admin", "ranger_admin_log_dir": "/var/log/ranger/admin", - "ranger_usersync_log_dir": "/var/log/ranger/usersync" + "ranger_usersync_log_dir": "/var/log/ranger/usersync", + "xml_configurations_supported" : false }, "admin-properties": { "db_password": "admin", http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/test/python/stacks/2.3/configs/default.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.3/configs/default.json b/ambari-server/src/test/python/stacks/2.3/configs/default.json index 44a8b41..424afdc 100644 --- a/ambari-server/src/test/python/stacks/2.3/configs/default.json +++ b/ambari-server/src/test/python/stacks/2.3/configs/default.json @@ -198,7 +198,10 @@ }, "ranger-hive-plugin-properties": { "ranger-hive-plugin-enabled":"yes" - } + }, + "ranger-env": { + "xml_configurations_supported" : "true" + } }, "configuration_attributes": { "yarn-site": { http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-web/app/data/HDP2.3/site_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js index 9e72904..4bf8078 100644 --- a/ambari-web/app/data/HDP2.3/site_properties.js +++ b/ambari-web/app/data/HDP2.3/site_properties.js 
@@ -27,7 +27,23 @@ var excludedConfigs = [ 'db_name', 'db_root_user', 'db_root_password', - 'nimbus.host' + 'nimbus.host', + 'XAAUDIT.DB.IS_ENABLED', + 'XAAUDIT.HDFS.IS_ENABLED', + 'UPDATE_XAPOLICIES_ON_GRANT_REVOKE', + 'authServiceHostName', + 'authServicePort', + 'authentication_method', + 'remoteLoginEnabled', + 'xa_ldap_url', + 'xa_ldap_userDNpattern', + 'xa_ldap_groupSearchBase', + 'xa_ldap_groupSearchFilter', + 'xa_ldap_groupRoleAttribute', + 'xa_ldap_ad_domain', + 'xa_ldap_ad_url', + 'policymgr_http_enabled', + 'policymgr_external_url' ]; var hdp23properties = hdp22properties.filter(function (item) { 
@@ -163,6 +179,229 @@ hdp23properties.push({ "filename": "admin-properties.xml", "category": "DBSettings" }, + /**************************************** RANGER - HDFS Plugin ***************************************/ + { + "id": "site property", + "name": "xasecure.audit.hdfs.config.encoding", + "displayName": "xasecure.audit.hdfs.config.encoding", + "defaultValue": "", + "isRequired": false, + "filename": "ranger-hdfs-audit.xml", + "category": "Advanced ranger-hdfs-audit", + "serviceName": "HDFS" + }, + { + "id": "site property", + "name": "xasecure.audit.db.is.enabled", + "displayName": "Audit to DB", + "displayType": "checkbox", + "filename": "ranger-hdfs-audit.xml", + "category": "Advanced ranger-hdfs-audit", + "serviceName": "HDFS" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.is.enabled", + "displayName": "Audit to HDFS", + "displayType": "checkbox", + "filename": "ranger-hdfs-audit.xml", + "category": "Advanced ranger-hdfs-audit", + "serviceName": "HDFS" + }, + { + "id": "site property", + "name": "xasecure.audit.solr.is.enabled", + "displayName": "Audit to SOLR", + "displayType": "checkbox", + "filename": "ranger-hdfs-audit.xml", + "category": "Advanced ranger-hdfs-audit", + "serviceName": "HDFS" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.config.encoding", + "displayName": "xasecure.audit.hdfs.config.encoding", + "defaultValue": "", + "isRequired": false, + "filename": "ranger-hive-audit.xml", + "category": "Advanced ranger-hive-audit", + "serviceName": "HIVE" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.config.encoding", + "displayName": "xasecure.audit.hdfs.config.encoding", + "defaultValue": "", + "isRequired": false, + "filename": "ranger-knox-audit.xml", + "category": "Advanced ranger-knox-audit", + "serviceName": "KNOX" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.config.encoding", + "displayName": "xasecure.audit.hdfs.config.encoding", + "defaultValue": "", + "isRequired": 
false, + "filename": "ranger-storm-audit.xml", + "category": "Advanced ranger-storm-audit", + "serviceName": "STORM" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.config.encoding", + "displayName": "xasecure.audit.hdfs.config.encoding", + "defaultValue": "", + "isRequired": false, + "filename": "ranger-yarn-audit.xml", + "category": "Advanced ranger-yarn-audit", + "serviceName": "YARN" + }, + { + "id": "site property", + "name": "xasecure.audit.db.is.enabled", + "displayName": "Audit to DB", + "displayType": "checkbox", + "filename": "ranger-hbase-audit.xml", + "category": "Advanced ranger-hbase-audit", + "serviceName": "HBASE" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.is.enabled", + "displayName": "Audit to HDFS", + "displayType": "checkbox", + "filename": "ranger-hbase-audit.xml", + "category": "Advanced ranger-hbase-audit", + "serviceName": "HBASE" + }, + { + "id": "site property", + "name": "xasecure.audit.solr.is.enabled", + "displayName": "Audit to SOLR", + "displayType": "checkbox", + "filename": "ranger-hbase-audit.xml", + "category": "Advanced ranger-hbase-audit", + "serviceName": "HBASE" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.config.encoding", + "displayName": "xasecure.audit.hdfs.config.encoding", + "defaultValue": "", + "isRequired": false, + "filename": "ranger-hbase-audit.xml", + "category": "Advanced ranger-hbase-audit", + "serviceName": "HBASE" + }, + { + "id": "site property", + "name": "xasecure.audit.db.is.enabled", + "displayName": "Audit to DB", + "displayType": "checkbox", + "filename": "ranger-hive-audit.xml", + "category": "Advanced ranger-hive-audit", + "serviceName": "HIVE" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.is.enabled", + "displayName": "Audit to HDFS", + "displayType": "checkbox", + "filename": "ranger-hive-audit.xml", + "category": "Advanced ranger-hive-audit", + "serviceName": "HIVE" + }, + { + "id": "site property", + "name": 
"xasecure.audit.solr.is.enabled", + "displayName": "Audit to SOLR", + "displayType": "checkbox", + "filename": "ranger-hive-audit.xml", + "category": "Advanced ranger-hive-audit", + "serviceName": "HIVE" + }, + { + "id": "site property", + "name": "xasecure.audit.db.is.enabled", + "displayName": "Audit to DB", + "displayType": "checkbox", + "filename": "ranger-knox-audit.xml", + "category": "Advanced ranger-knox-audit", + "serviceName": "KNOX" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.is.enabled", + "displayName": "Audit to HDFS", + "displayType": "checkbox", + "filename": "ranger-knox-audit.xml", + "category": "Advanced ranger-knox-audit", + "serviceName": "KNOX" + }, + { + "id": "site property", + "name": "xasecure.audit.solr.is.enabled", + "displayName": "Audit to SOLR", + "displayType": "checkbox", + "filename": "ranger-knox-audit.xml", + "category": "Advanced ranger-knox-audit", + "serviceName": "KNOX" + }, + { + "id": "site property", + "name": "xasecure.audit.db.is.enabled", + "displayName": "Audit to DB", + "displayType": "checkbox", + "filename": "ranger-storm-audit.xml", + "category": "Advanced ranger-storm-audit", + "serviceName": "STORM" + }, + { + "id": "site property", + "name": "xasecure.audit.hdfs.is.enabled", + "displayName": "Audit to HDFS", + "displayType": "checkbox", + "filename": "ranger-storm-audit.xml", + "category": "Advanced ranger-storm-audit", + "serviceName": "STORM" + }, + { + "id": "site property", + "name": "xasecure.audit.solr.is.enabled", + "displayName": "Audit to SOLR", + "displayType": "checkbox", + "filename": "ranger-storm-audit.xml", + "category": "Advanced ranger-storm-audit", + "serviceName": "STORM" + }, + { + "id": "site property", + "name": "xasecure.audit.db.is.enabled", + "displayName": "Audit to DB", + "displayType": "checkbox", + "filename": "ranger-yarn-audit.xml", + "category": "Advanced ranger-yarn-audit", + "serviceName": "YARN" + }, + { + "id": "site property", + "name": 
"xasecure.audit.hdfs.is.enabled", + "displayName": "Audit to HDFS", + "displayType": "checkbox", + "filename": "ranger-yarn-audit.xml", + "category": "Advanced ranger-yarn-audit", + "serviceName": "YARN" + }, + { + "id": "site property", + "name": "xasecure.audit.solr.is.enabled", + "displayName": "Audit to SOLR", + "displayType": "checkbox", + "filename": "ranger-yarn-audit.xml", + "category": "Advanced ranger-yarn-audit", + "serviceName": "YARN" + }, { "name": "ranger_mysql_host", "id": "puppet var", 
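Review bot: The banner comment `RANGER - HDFS Plugin` heads a run of entries that also covers HIVE, KNOX, STORM, YARN and HBASE, so it mislabels most of what follows; `/*** RANGER - plugin audit settings (HDFS, HBASE, HIVE, KNOX, STORM, YARN) ***/` would match the content. The `xasecure.audit.hdfs.config.encoding` entry and the three `Audit to DB` / `Audit to HDFS` / `Audit to SOLR` checkboxes are repeated once per service and differ only in `filename`, `category` and `serviceName`, so building them in a loop over the service list would keep the six sets from drifting apart. The enclosing `hdp23properties.push(` call starts and ends outside this hunk.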
@@ -325,6 +564,179 @@ hdp23properties.push({ "serviceName": "TEZ", "filename": "tez-site.xml", "category": "Advanced tez-site" + }, + { + "id": "puppet var", + "name": "ranger.external.url", + "displayName": "External URL", + "defaultValue": "http://localhost:6080", + "isReconfigurable": true, + "displayType": "", + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "RangerSettings" + }, + { + "id": "puppet var", + "name": "ranger.service.http.enabled", + "displayName": "HTTP enabled", + "defaultValue": true, + "isReconfigurable": true, + "displayType": "checkbox", + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "RangerSettings" + }, + { + "id": "site property", + "name": "ranger.authentication.method", + "displayName": "Authentication method", + "defaultValue": "NONE", + "options": [ + { + displayName: 'LDAP', + foreignKeys: ['xa_ldap_userDNpattern', 'xa_ldap_groupRoleAttribute', 'xa_ldap_url', 'xa_ldap_groupSearchBase', 'xa_ldap_groupSearchFilter'] + }, + { + displayName: 'ACTIVE_DIRECTORY', + foreignKeys: ['xa_ldap_ad_domain', 'xa_ldap_ad_url'] + }, + { + displayName: 'UNIX', + foreignKeys: ['remoteLoginEnabled', 'authServiceHostName', 'authServicePort'] + }, + { + displayName: 'NONE' + } + ], + "displayType": "radio button", + "radioName": "authentication-method", + "isReconfigurable": true, + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "RangerSettings" + }, + { + "id": "site property", + "name": "ranger.unixauth.remote.login.enabled", + "displayName": "Allow remote Login", + "defaultValue": true, + "isReconfigurable": true, + "displayType": "checkbox", + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "UnixAuthenticationSettings" + }, + { + "id": "site 
property", + "name": "ranger.unixauth.service.hostname", + "displayName": "ranger.unixauth.service.hostname", + "defaultValue": 'localhost', + "isReconfigurable": true, + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "UnixAuthenticationSettings" + }, + { + "id": "site property", + "name": "ranger.unixauth.service.port", + "displayName": "ranger.unixauth.service.port", + "defaultValue": '5151', + "isReconfigurable": true, + "displayType": "int", + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "UnixAuthenticationSettings" + }, + { + "id": "site property", + "name": "ranger.ldap.url", + "displayName": "ranger.ldap.url", + "isReconfigurable": true, + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "LDAPSettings" + }, + { + "id": "site property", + "name": "ranger.ldap.user.dnpattern", + "displayName": "ranger.ldap.user.dnpattern", + "isReconfigurable": true, + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "LDAPSettings" + }, + { + "id": "site property", + "name": "ranger.ldap.group.roleattribute", + "displayName": "ranger.ldap.group.roleattribute", + "isReconfigurable": true, + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "LDAPSettings" + }, + { + "id": "site property", + "name": "ranger.ldap.ad.domain", + "displayName": "ranger.ldap.ad.domain", + "isReconfigurable": true, + "isOverridable": false, + "isVisible": true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "ADSettings" + }, + { + "id": "site property", + "name": "ranger.ldap.ad.url", + "displayName": "ranger.ldap.ad.url", + "isReconfigurable": true, + "isOverridable": false, + "isVisible": 
true, + "serviceName": "RANGER", + "filename": "ranger-admin-site.xml", + "category": "ADSettings" + }, + + /*********RANGER FOR HBASE************/ + { + "id": "site property", + "name": "xasecure.hbase.update.xapolicies.on.grant.revoke", + "defaultValue": true, + "displayName": "Should HBase GRANT/REVOKE update XA policies?", + "displayType": "checkbox", + "filename": "ranger-hbase-security.xml", + "category": "Advanced ranger-hbase-security", + "serviceName": "HBASE" + }, + /*********RANGER FOR HIVE************/ + { + "id": "site property", + "name": "xasecure.hive.update.xapolicies.on.grant.revoke", + "defaultValue": true, + "displayName": "Should Hive GRANT/REVOKE update XA policies?", + "displayType": "checkbox", + "filename": "ranger-hive-security.xml", + "category": "Advanced ranger-hive-security", + "serviceName": "HIVE" } );
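Review bot: The `foreignKeys` on the `ranger.authentication.method` options still name the old properties (`xa_ldap_url`, `xa_ldap_ad_domain`, `remoteLoginEnabled`, `authServiceHostName`, …), which the first hunk of this file adds to `excludedConfigs`, while the fields added below use the `ranger.*` names; the radio button therefore presumably no longer shows or hides the LDAP, AD and Unix fields for the selected method. Point the keys at the new names: `foreignKeys: ['ranger.ldap.user.dnpattern', 'ranger.ldap.group.roleattribute', 'ranger.ldap.url']`, `foreignKeys: ['ranger.ldap.ad.domain', 'ranger.ldap.ad.url']` and `foreignKeys: ['ranger.unixauth.remote.login.enabled', 'ranger.unixauth.service.hostname', 'ranger.unixauth.service.port']`. The old list also referenced `xa_ldap_groupSearchBase` and `xa_ldap_groupSearchFilter`, for which this hunk adds no `ranger.*` counterpart. Separately, `ranger.service.http.enabled` defaults to `true` and `ranger.external.url` to an `http://` address, so the admin endpoint is plain HTTP unless the operator changes it, which the display text should make clear. The enclosing `hdp23properties.push(` call starts outside this hunk.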