Repository: ambari Updated Branches: refs/heads/branch-2.1 cd20150a3 -> 3fed844be
AMBARI-13763. ranger.audit.solr.zookeepers value should be suffixed with /ranger_audits Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3fed844b Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3fed844b Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3fed844b Branch: refs/heads/branch-2.1 Commit: 3fed844bea5b07d964bdca1cc39cbaec4025fd4c Parents: cd20150 Author: Gautam Borad <gau...@apache.org> Authored: Fri Nov 6 16:05:12 2015 +0530 Committer: Gautam Borad <gau...@apache.org> Committed: Wed Nov 11 10:47:07 2015 +0530 ---------------------------------------------------------------------- .../RANGER/0.4.0/package/scripts/setup_ranger.py | 2 +- .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 12 ++++++++++++ .../2.3/services/RANGER/configuration/ranger-env.xml | 2 +- .../RANGER/configuration/ranger-ugsync-site.xml | 2 +- .../resources/stacks/HDP/2.3/services/stack_advisor.py | 9 +++++++-- 5 files changed, 22 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/3fed844b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py index 27bccdc..a571686 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py @@ -122,7 +122,7 @@ def check_db_connnection(): if params.db_flavor.lower() == 'mysql': cmd = format('{sql_command_invoker} -u {db_root_user} --password={db_root_password!p} -h {db_host} -s -e "select version();"') elif params.db_flavor.lower() == 'oracle': - cmd = format('{sql_command_invoker} {db_root_user}/{db_root_password!p}@{db_host} AS SYSDBA') + cmd = format("{sql_command_invoker} '{db_root_user}/\"{db_root_password}\"@{db_host}' AS SYSDBA") env_dict = {'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home} elif params.db_flavor.lower() == 'postgres': cmd = 'true' http://git-wip-us.apache.org/repos/asf/ambari/blob/3fed844b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py index c74b340..905ec1d 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py @@ -35,12 +35,24 @@ from resource_management.libraries.functions.format import format from resource_management.libraries.functions.ranger_functions import Rangeradmin from resource_management.core.utils import PasswordString from resource_management.core.shell import as_sudo +import re + +def password_validation(password, key): + import params + if password.strip() == "": + raise Fail("Blank password is not allowed for {0} property. Please enter valid password.".format(key)) + if re.search("[\\\`'\"]",password): + raise Fail("{0} password contains one of the unsupported special characters like \" ' \ `".format(key)) + else: + Logger.info("Password validated") def setup_kms_db(): import params if params.has_ranger_admin: + password_validation(params.kms_master_key_password, 'KMS master key') + File(params.downloaded_custom_connector, content = DownloadSource(params.driver_curl_source), mode = 0644 http://git-wip-us.apache.org/repos/asf/ambari/blob/3fed844b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml index 8693c46..eec7436 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml @@ -29,7 +29,7 @@ <property> <name>create_db_dbuser</name> <value>true</value> - <display-name>Setup Database and Databse User</display-name> + <display-name>Setup Database and Database User</display-name> <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description> <value-attributes> <type>value-list</type> http://git-wip-us.apache.org/repos/asf/ambari/blob/3fed844b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml index e878d3d..4f6399b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml @@ -65,7 +65,7 @@ <property> <name>ranger.usersync.enabled</name> <display-name>Enable User Sync</display-name> - <value>false</value> + <value>true</value> <description>Should users and groups be synchronized to Ranger Database? Required to setup Ranger policies</description> <value-attributes> <empty-value-valid>true</empty-value-valid> http://git-wip-us.apache.org/repos/asf/ambari/blob/3fed844b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index 7d2b625..c7e8ebd 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -416,7 +416,12 @@ class HDP23StackAdvisor(HDP22StackAdvisor): if isSolrCloudEnabled: zookeeper_host_port = self.getZKHostPortString(services) if zookeeper_host_port: - putRangerAdminProperty('ranger.audit.solr.zookeepers', zookeeper_host_port) + ranger_audit_zk_port = [] + zk_hosts = zookeeper_host_port.split(',') + for zk_host in zk_hosts: + ranger_audit_zk_port.append('{0}/{1}'.format(zk_host,'ranger_audits')) + ranger_audit_zk_port = ','.join(ranger_audit_zk_port) + putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port) else: putRangerAdminProperty('ranger.audit.solr.zookeepers', 'NONE') @@ -425,7 +430,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor): if include_hdfs: if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']): default_fs = services['configurations']['core-site']['properties']['fs.defaultFS'] - putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', default_fs) + putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', '{0}/{1}/{2}'.format(default_fs,'ranger','audit')) # Recommend Ranger supported service's audit properties ranger_services = [