Repository: ambari Updated Branches: refs/heads/trunk 0696a804c -> 5e4faf1ea
AMBARI-17607. Add localjecks support in ambari for Ranger and Ranger KMS services (Mugdha Varadkar via srimanth) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5e4faf1e Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5e4faf1e Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5e4faf1e Branch: refs/heads/trunk Commit: 5e4faf1ea928695e6dc5e1ace3dd1a0f1636890e Parents: 0696a80 Author: Srimanth Gunturi <sgunt...@hortonworks.com> Authored: Thu Jul 7 14:16:46 2016 -0700 Committer: Srimanth Gunturi <sgunt...@hortonworks.com> Committed: Thu Jul 7 14:25:13 2016 -0700 ---------------------------------------------------------------------- .../resource_management/libraries/functions/constants.py | 1 + .../common-services/RANGER/0.4.0/package/scripts/params.py | 3 ++- .../RANGER/0.4.0/package/scripts/setup_ranger_xml.py | 5 ++++- .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 5 ++++- .../RANGER_KMS/0.5.0.2.3/package/scripts/params.py | 1 + .../stacks/HDP/2.0.6/properties/stack_features.json | 5 +++++ .../src/test/python/stacks/2.5/RANGER/test_ranger_admin.py | 4 ++-- .../test/python/stacks/2.5/RANGER/test_ranger_usersync.py | 4 ++-- .../src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py | 8 ++++---- 9 files changed, 25 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4faf1e/ambari-common/src/main/python/resource_management/libraries/functions/constants.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py index cd73049..948beb2 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/constants.py 
+++ b/ambari-common/src/main/python/resource_management/libraries/functions/constants.py @@ -92,4 +92,5 @@ class StackFeature: ATLAS_UPGRADE_SUPPORT = "atlas_upgrade_support" RANGER_PID_SUPPORT = "ranger_pid_support" RANGER_KMS_PID_SUPPORT = "ranger_kms_pid_support" + RANGER_LOCALJCEKS_SUPPORT = "ranger_localjceks_support" RANGER_ADMIN_PASSWD_CHANGE = "ranger_admin_password_change" http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4faf1e/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py index fad4b9b..c7241c3 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py @@ -66,6 +66,7 @@ stack_supports_ranger_kerberos = stack_version_formatted and check_stack_feature stack_supports_usersync_passwd = stack_version_formatted and check_stack_feature(StackFeature.RANGER_USERSYNC_PASSWORD_JCEKS, stack_version_formatted) stack_supports_logsearch_client = stack_version_formatted and check_stack_feature(StackFeature.RANGER_INSTALL_LOGSEARCH_CLIENT, stack_version_formatted) stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_PID_SUPPORT, stack_version_formatted) +stack_supports_localjceks = stack_version_formatted and check_stack_feature(StackFeature.RANGER_LOCALJCEKS_SUPPORT, stack_version_formatted) stack_supports_ranger_admin_password_change = stack_version_formatted and check_stack_feature(StackFeature.RANGER_ADMIN_PASSWD_CHANGE, stack_version_formatted) downgrade_from_version = default("/commandParams/downgrade_from_version", None) 
@@ -355,4 +356,4 @@ ranger_usersync_pid_file = format('{ranger_pid_dir}/usersync.pid') # admin credential admin_username = config['configurations']['ranger-env']['admin_username'] admin_password = config['configurations']['ranger-env']['admin_password'] -default_admin_password = 'admin' \ No newline at end of file +default_admin_password = 'admin' http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4faf1e/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py index eac4aee..9dbf6d4 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py @@ -527,7 +527,10 @@ def ranger_credential_helper(lib_path, alias_key, alias_value, file_path): import params java_bin = format('{java_home}/bin/java') - file_path = format('jceks://file{file_path}') + jceks_scheme = 'jceks' + if params.stack_supports_localjceks: + jceks_scheme = 'localjceks' + file_path = format('{jceks_scheme}://file{file_path}') cmd = (java_bin, '-cp', lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', alias_key, '-value', PasswordString(alias_value), '-provider', file_path) Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True, sudo=True) http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4faf1e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py ---------------------------------------------------------------------- 
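Review bot: The keystore password still travels on the java command line in `ranger_credential_helper` (setup_ranger_xml.py): `'-value', PasswordString(alias_value)` is an element of `cmd`, so the plaintext sits in the process argument list for as long as the JVM runs, where other local users can typically read it. PasswordString presumably masks the value only in Ambari's own logging, and switching the provider scheme does not change that. The same pattern is in `do_keystore_setup` in kms.py. If buildks offers no way to take the value other than argv, a comment above the `cmd` line such as `# NOTE: alias_value is exposed in the process argument list while buildks runs` would at least record the exposure. The function body starts outside the hunk.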
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py index 0a8c7d3..b53f877 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py @@ -115,7 +115,10 @@ def do_keystore_setup(cred_provider_path, credential_alias, credential_password) if cred_provider_path is not None: java_bin = format('{java_home}/bin/java') - file_path = format('jceks://file{cred_provider_path}') + jceks_scheme = 'jceks' + if params.stack_supports_localjceks: + jceks_scheme = 'localjceks' + file_path = format('{jceks_scheme}://file{cred_provider_path}') cmd = (java_bin, '-cp', params.cred_lib_path, 'org.apache.ranger.credentialapi.buildks', 'create', credential_alias, '-value', PasswordString(credential_password), '-provider', file_path) Execute(cmd, environment={'JAVA_HOME': params.java_home}, http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4faf1e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py index dfcad32..52f1e13 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py 
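Review bot: The three-line scheme selection in `do_keystore_setup` is a copy of the one added to `ranger_credential_helper` in setup_ranger_xml.py, and neither copy says why the scheme differs by stack. A single conditional reads more directly, `jceks_scheme = 'localjceks' if params.stack_supports_localjceks else 'jceks'`, with a comment above it such as `# Stacks with ranger_localjceks_support create the store through the localjceks provider; older stacks keep jceks.` Whatever later reads the store through its configured provider path is not visible in this diff, so it is worth confirming that those readers accept a file written this way. The function starts and ends outside the hunk.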
@@ -42,6 +42,7 @@ stack_supports_config_versioning = stack_version_formatted and check_stack_feat stack_support_kms_hsm = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KMS_HSM_SUPPORT, stack_version_formatted) stack_supports_ranger_kerberos = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KERBEROS_SUPPORT, stack_version_formatted) stack_supports_pid = stack_version_formatted and check_stack_feature(StackFeature.RANGER_KMS_PID_SUPPORT, stack_version_formatted) +stack_supports_localjceks = stack_version_formatted and check_stack_feature(StackFeature.RANGER_LOCALJCEKS_SUPPORT, stack_version_formatted) hadoop_conf_dir = conf_select.get_hadoop_conf_dir() security_enabled = config['configurations']['cluster-env']['security_enabled'] http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4faf1e/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json index 7f85ad3..1551cc5 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json +++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/properties/stack_features.json @@ -265,6 +265,11 @@ "name": "ranger_admin_password_change", "description": "Allow ranger admin credentials to be specified during cluster creation (AMBARI-17000)", "min_version": "2.5.0.0" + }, + { + "name": "ranger_localjceks_support", + "description": "Ranger Service support localjceks", + "min_version": "2.5.0.0" } ] } http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4faf1e/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py ---------------------------------------------------------------------- 
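Review bot: In RANGER_KMS params.py the new `stack_supports_localjceks` is gated on `StackFeature.RANGER_LOCALJCEKS_SUPPORT`, the same flag the RANGER service uses, whereas the line just above it uses a KMS-specific flag (`RANGER_KMS_PID_SUPPORT`). One shared flag cannot express the two services gaining localjceks support at different stack versions. If sharing is intended, the stack_features.json description could say so, e.g. `"Ranger and Ranger KMS services support localjceks"`, since it currently names only Ranger.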
diff --git a/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py b/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py index 247b978..4425151 100644 --- a/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py +++ b/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_admin.py @@ -317,7 +317,7 @@ class TestRangerAdmin(RMFTestCase): mode = 0644 ) - self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-admin/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'rangeradmin', '-value', 'rangeradmin01', '-provider', 'jceks://file/etc/ranger/admin/rangeradmin.jceks'), + self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-admin/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'rangeradmin', '-value', 'rangeradmin01', '-provider', 'localjceks://file/etc/ranger/admin/rangeradmin.jceks'), environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, logoutput=True, sudo = True @@ -460,7 +460,7 @@ class TestRangerAdmin(RMFTestCase): mode = 0644 ) - self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-admin/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'rangeradmin', '-value', 'rangeradmin01', '-provider', 'jceks://file/etc/ranger/admin/rangeradmin.jceks'), + self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-admin/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'rangeradmin', '-value', 'rangeradmin01', '-provider', 'localjceks://file/etc/ranger/admin/rangeradmin.jceks'), environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, logoutput=True, sudo = True http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4faf1e/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_usersync.py ---------------------------------------------------------------------- 
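Review bot: Every changed assertion in test_ranger_admin.py (and in test_ranger_usersync.py and test_kms_server.py below) now expects `localjceks://file...`, so this diff shows no test that pins the fallback branch. A case that runs with a stack version below 2.5.0.0 and asserts `'-provider', 'jceks://file/etc/ranger/admin/rangeradmin.jceks'` would keep older stacks from silently changing scheme. Tests for earlier stacks may already cover this outside the diff.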
diff --git a/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_usersync.py b/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_usersync.py index 7b6e782..d28c4e3 100644 --- a/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_usersync.py +++ b/ambari-server/src/test/python/stacks/2.5/RANGER/test_ranger_usersync.py 
@@ -148,13 +148,13 @@ class TestRangerUsersync(RMFTestCase): mode = 04555 ) - self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-usersync/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'usersync.ssl.key.password', '-value', 'UnIx529p', '-provider', 'jceks://file/usr/hdp/current/ranger-usersync/conf/ugsync.jceks'), + self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-usersync/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'usersync.ssl.key.password', '-value', 'UnIx529p', '-provider', 'localjceks://file/usr/hdp/current/ranger-usersync/conf/ugsync.jceks'), environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, logoutput=True, sudo = True ) - self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-usersync/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'usersync.ssl.truststore.password', '-value', 'changeit', '-provider', 'jceks://file/usr/hdp/current/ranger-usersync/conf/ugsync.jceks'), + self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-usersync/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'usersync.ssl.truststore.password', '-value', 'changeit', '-provider', 'localjceks://file/usr/hdp/current/ranger-usersync/conf/ugsync.jceks'), environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, logoutput=True, sudo = True http://git-wip-us.apache.org/repos/asf/ambari/blob/5e4faf1e/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py b/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py index 70e3d42..0f8019e 100644 --- a/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py 
+++ b/ambari-server/src/test/python/stacks/2.5/RANGER_KMS/test_kms_server.py @@ -318,7 +318,7 @@ class TestRangerKMS(RMFTestCase): mode = 0775 ) - self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.jdbc.password', '-value', 'rangerkms01', '-provider', 'jceks://file/etc/ranger/kms/rangerkms.jceks'), + self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.jdbc.password', '-value', 'rangerkms01', '-provider', 'localjceks://file/etc/ranger/kms/rangerkms.jceks'), environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, logoutput=True, sudo=True @@ -330,7 +330,7 @@ class TestRangerKMS(RMFTestCase): mode = 0640 ) - self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.masterkey.password', '-value', 'StrongPassword01', '-provider', 'jceks://file/etc/ranger/kms/rangerkms.jceks'), + self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.masterkey.password', '-value', 'StrongPassword01', '-provider', 'localjceks://file/etc/ranger/kms/rangerkms.jceks'), environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, logoutput=True, sudo=True 
@@ -643,7 +643,7 @@ class TestRangerKMS(RMFTestCase): mode = 0775 ) - self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.jdbc.password', '-value', 'rangerkms01', '-provider', 'jceks://file/etc/ranger/kms/rangerkms.jceks'), + self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.jdbc.password', '-value', 'rangerkms01', '-provider', 'localjceks://file/etc/ranger/kms/rangerkms.jceks'), environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, logoutput=True, sudo=True @@ -655,7 +655,7 @@ class TestRangerKMS(RMFTestCase): mode = 0640 ) - self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.masterkey.password', '-value', 'StrongPassword01', '-provider', 'jceks://file/etc/ranger/kms/rangerkms.jceks'), + self.assertResourceCalled('Execute', ('/usr/jdk64/jdk1.7.0_45/bin/java', '-cp', '/usr/hdp/current/ranger-kms/cred/lib/*', 'org.apache.ranger.credentialapi.buildks', 'create', 'ranger.ks.masterkey.password', '-value', 'StrongPassword01', '-provider', 'localjceks://file/etc/ranger/kms/rangerkms.jceks'), environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, logoutput=True, sudo=True