Repository: ambari Updated Branches: refs/heads/trunk 346dfe7eb -> 8006d3d6a
AMBARI-15752. Ambari support for additional config params for Ranger KMS to support HSM (Mugdha Varadkar via gautam) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/8006d3d6 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/8006d3d6 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/8006d3d6 Branch: refs/heads/trunk Commit: 8006d3d6a77615b43aeb619bac6231d9f3ff2b75 Parents: 346dfe7 Author: Gautam Borad <gau...@apache.org> Authored: Wed Apr 20 16:38:11 2016 +0530 Committer: Gautam Borad <gau...@apache.org> Committed: Thu Apr 21 19:24:01 2016 +0530 ---------------------------------------------------------------------- .../libraries/functions/constants.py | 3 +- .../libraries/functions/stack_features.py | 7 +- .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 2 + .../0.5.0.2.3/package/scripts/params.py | 5 + .../HDP/2.0.6/properties/stack_features.json | 7 +- .../RANGER_KMS/configuration/dbks-site.xml | 78 ++++++++++++ .../RANGER_KMS/configuration/kms-env.xml | 34 +++++ .../HDP/2.5/services/RANGER_KMS/metainfo.xml | 10 +- .../RANGER_KMS/themes/theme_version_2.json | 124 +++++++++++++++++++ 9 files changed, 266 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-common/src/main/python/resource_management/libraries/functions/constants.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py index 658c56f..36df2e8 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py 
@@ -76,4 +76,5 @@ class StackFeature: HIVE_WEBHCAT_SPECIFIC_CONFIGS = "hive_webhcat_specific_configs" HIVE_PURGE_TABLE = "hive_purge_table" HIVE_SERVER2_KERBERIZED_ENV = "hive_server2_kerberized_env" - HIVE_ENV_HEAPSIZE = "hive_env_heapsize" \ No newline at end of file + HIVE_ENV_HEAPSIZE = "hive_env_heapsize" + RANGER_KMS_HSM_SUPPORT = "ranger_kms_hsm_support" \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py b/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py index cf56acf..2e9123f 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/stack_features.py @@ -218,7 +218,12 @@ _DEFAULT_STACK_FEATURES = { "name": "hive_env_heapsize", "description": "Hive heapsize property defined in hive-env (AMBARI-12801)", "min_version": "2.2.0.0" - } + }, + { + "name": "ranger_kms_hsm_support", + "description": "Ranger KMS HSM support (AMBARI-15752)", + "min_version": "2.5.0.0" + } ] } http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py index f63d660..9e54649 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py 
@@ -237,6 +237,8 @@ def kms(upgrade_type=None): do_keystore_setup(params.credential_provider_path, params.jdbc_alias, params.db_password) do_keystore_setup(params.credential_provider_path, params.masterkey_alias, params.kms_master_key_password) + if params.stack_support_kms_hsm and params.enable_kms_hsm: + do_keystore_setup(params.credential_provider_path, params.hms_partition_alias, unicode(params.hms_partition_passwd)) XmlConfig("dbks-site.xml", conf_dir=params.kms_conf_dir, http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py index 4bdbd80..ce136b2 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py @@ -207,3 +207,8 @@ ranger_kms_jdbc_driver = config['configurations']['dbks-site']['ranger.ks.jpa.jd jce_name = default("/hostLevelParams/jce_name", None) jce_source_dir = format('{tmp_dir}/jce_dir') + +#kms hsm support +enable_kms_hsm = default("/configurations/dbks-site/ranger.ks.hsm.enabled", False) +hms_partition_alias = default("/configurations/dbks-site/ranger.ks.hsm.partition.password.alias", "ranger.kms.hsm.partition.password") +hms_partition_passwd = default("/configurations/kms-env/hsm_partition_password", None) http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json ---------------------------------------------------------------------- 
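Review bot: `unicode(params.hms_partition_passwd)` in the added `do_keystore_setup` call in kms.py turns an absent password into the literal string `None`, because params.py defaults `hsm_partition_password` to `None`. With HSM enabled and the password missing, that placeholder (or an empty string, since kms-env.xml defaults the value to empty) would be stored under the partition-password alias instead of the run failing. Check the value before the call, for example `if not params.hms_partition_passwd: raise Fail("HSM is enabled but hsm_partition_password is not set")`, assuming `Fail` is importable in kms.py, which this hunk does not show. The body of `kms()` starts and ends outside the hunk.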
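Review bot: `params.stack_support_kms_hsm`, which the kms.py hunk of this commit tests, is not among the five lines added to params.py. Unless it is already defined outside this hunk, the new condition in `kms()` would raise an AttributeError. If it is missing, define it next to these settings from the new feature flag, e.g. `stack_support_kms_hsm = check_stack_feature(StackFeature.RANGER_KMS_HSM_SUPPORT, <stack version variable>)`. The added names also spell the prefix `hms_` (`hms_partition_alias`, `hms_partition_passwd`) where the properties and the flag use `hsm`; renaming them to `hsm_partition_alias` and `hsm_partition_passwd` in both files would prevent a lookup typo later.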
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
index 4cead39..f4bd028 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
+++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json
@@ -195,6 +195,11 @@
 "name": "hive_env_heapsize",
 "description": "Hive heapsize property defined in hive-env (AMBARI-12801)",
 "min_version": "2.2.0.0"
- }
+ },
+ {
+ "name": "ranger_kms_hsm_support",
+ "description": "Ranger KMS HSM support (AMBARI-15752)",
+ "min_version": "2.5.0.0"
+ }
 ]
 }
http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
new file mode 100644
index 0000000..b652574
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/dbks-site.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+
+<configuration>
+
+ <property>
+ <name>ranger.ks.hsm.type</name>
+ <display-name>HSM Type</display-name>
+ <value>LunaProvider</value>
+ <description>HSM type</description>
+ </property>
+
+ <property>
+ <name>ranger.ks.hsm.enabled</name>
+ <display-name>HSM Enabled</display-name>
+ <value>false</value>
+ <description>Enable HSM ?</description>
+ <value-attributes>
+ <empty-value-valid>true</empty-value-valid>
+ <type>value-list</type>
+ <overridable>false</overridable>
+ <entries>
+ <entry>
+ <value>true</value>
+ <label>Yes</label>
+ </entry>
+ <entry>
+ <value>false</value>
+ <label>No</label>
+ </entry>
+ </entries>
+ <selection-cardinality>1</selection-cardinality>
+ </value-attributes>
+ </property>
+
+ <property>
+ <name>ranger.ks.hsm.partition.name</name>
+ <display-name>HSM partition name</display-name>
+ <value>par19</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.ks.hsm.partition.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>HSM partition password</description>
+ </property>
+
+ <property>
+ <name>ranger.ks.hsm.partition.password.alias</name>
+ <display-name>HSM partition password alias</display-name>
+ <value>ranger.kms.hsm.partition.password</value>
+ <description>HSM partition password alias</description>
+ </property>
+
+</configuration>
http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/kms-env.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/kms-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/kms-env.xml
new file mode 100644
index 0000000..1093e37
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/configuration/kms-env.xml
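Review bot: In dbks-site.xml, `ranger.ks.hsm.partition.password` ships as an editable PASSWORD property with the placeholder `_`, while the secret that kms.py loads into the credential store comes from kms-env `hsm_partition_password`. Nothing visible in this commit stops an operator from typing the real password into this field, and it would then presumably be written into the rendered dbks-site.xml. State the intent in the description, e.g. `<description>Placeholder only; set the password in kms-env/hsm_partition_password, which is stored in the credential store under ranger.ks.hsm.partition.password.alias</description>`. Separately, the default `<value>par19</value>` for `ranger.ks.hsm.partition.name` looks site-specific and its description is empty; an empty default with a one-line description would be safer.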
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_adding_forbidden="true">
+
+ <property>
+ <name>hsm_partition_password</name>
+ <display-name>HSM partition password</display-name>
+ <value></value>
+ <property-type>PASSWORD</property-type>
+ <value-attributes>
+ <type>password</type>
+ </value-attributes>
+ <description>HSM partition password</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml
index 02fb6aa..796c9df 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/metainfo.xml
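Review bot: The description of `hsm_partition_password` in kms-env.xml only repeats the display name, although this is the secret that the kms.py hunk passes to `do_keystore_setup`. It should say where the value ends up, e.g. `<description>Password of the HSM partition; saved in the Ranger KMS credential store under the alias from ranger.ks.hsm.partition.password.alias when ranger.ks.hsm.enabled is true</description>`.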
@@ -23,7 +23,15 @@ <services> <service> <name>RANGER_KMS</name> - <version>0.5.0.2.5</version> + <version>0.6.0.2.5</version> + + <themes> + <theme> + <fileName>theme_version_2.json</fileName> + <default>true</default> + </theme> + </themes> + </service> </services> </metainfo> http://git-wip-us.apache.org/repos/asf/ambari/blob/8006d3d6/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/themes/theme_version_2.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/themes/theme_version_2.json b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/themes/theme_version_2.json new file mode 100644 index 0000000..cce73e0 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/services/RANGER_KMS/themes/theme_version_2.json 
@@ -0,0 +1,124 @@
+{
+ "configuration": {
+ "layouts": [
+ {
+ "name": "default",
+ "tabs": [
+ {
+ "name": "kms_hsm",
+ "display-name": "KMS HSM",
+ "layout": {
+ "tab-columns": "1",
+ "tab-rows": "1",
+ "sections": [
+ {
+ "name": "section-kms-hms",
+ "display-name": "",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "2",
+ "column-span": "1",
+ "section-columns": "1",
+ "section-rows": "2",
+ "subsections": [
+ {
+ "name": "subsection-kms-hsm-row1-col1",
+ "display-name": "Ranger KMS HSM Enabled",
+ "row-index": "0",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1"
+ },
+ {
+ "name": "subsection-kms-hsm-row2-col1",
+ "display-name": "Configuration Settings",
+ "row-index": "1",
+ "column-index": "0",
+ "row-span": "1",
+ "column-span": "1",
+ "depends-on": [
+ {
+ "configs": [
+ "dbks-site/ranger.ks.hsm.enabled"
+ ],
+ "if": "${dbks-site/ranger.ks.hsm.enabled}",
+ "then": {
+ "property_value_attributes": {
+ "visible": true
+ }
+ },
+ "else": {
+ "property_value_attributes": {
+ "visible": false
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ }
+ ]
+ }
+ ],
+ "placement": {
+ "configuration-layout": "default",
+ "configs": [
+ {
+ "config": "dbks-site/ranger.ks.hsm.enabled",
+ "subsection-name": "subsection-kms-hsm-row1-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.type",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.name",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ },
+ {
+ "config": "kms-env/hsm_partition_password",
+ "subsection-name": "subsection-kms-hsm-row2-col1"
+ }
+ ]
+ },
+ "widgets": [
+ {
+ "config": "dbks-site/ranger.ks.hsm.enabled",
+ "widget": {
+ "type": "toggle"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.type",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.name",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "dbks-site/ranger.ks.hsm.partition.password.alias",
+ "widget": {
+ "type": "text-field"
+ }
+ },
+ {
+ "config": "kms-env/hsm_partition_password",
+ "widget": {
+ "type": "password"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
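Review bot: The section in theme_version_2.json is named `section-kms-hms`, while the tab (`kms_hsm`) and both subsections (`subsection-kms-hsm-…`) use `hsm`; rename it to `section-kms-hsm` so the identifiers stay consistent. In addition, `ranger.ks.hsm.partition.password` from dbks-site.xml has no entry under `placement` or `widgets`, so it will not appear on the KMS HSM tab next to the other HSM settings. If it is meant to remain an untouched placeholder that is fine, but it is worth confirming where the UI shows it.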