Repository: ambari Updated Branches: refs/heads/branch-2.5 a96880fb9 -> a444517be
AMBARI-19437 Remove anonymous bind option for Ranger User sync for LDAP/AD (mugdha) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a444517b Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a444517b Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a444517b Branch: refs/heads/branch-2.5 Commit: a444517be4e347d20b449c9b2e84fc60c8855351 Parents: a96880f Author: Mugdha Varadkar <mug...@apache.org> Authored: Tue Jan 10 12:29:53 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Wed Jan 11 14:52:59 2017 +0530 ---------------------------------------------------------------------- .../0.5.0/configuration/ranger-ugsync-site.xml | 10 ++++--- .../RANGER/0.7.0/configuration/ranger-env.xml | 28 ++++++++++++++++++++ .../stacks/HDP/2.3/upgrades/config-upgrade.xml | 5 ++++ .../HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml | 4 +++ .../stacks/HDP/2.3/upgrades/upgrade-2.6.xml | 1 + .../stacks/HDP/2.4/upgrades/config-upgrade.xml | 5 ++++ .../HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml | 4 +++ .../stacks/HDP/2.4/upgrades/upgrade-2.6.xml | 1 + .../stacks/HDP/2.5/upgrades/config-upgrade.xml | 12 +++++++++ .../HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml | 5 ++++ .../stacks/HDP/2.5/upgrades/upgrade-2.6.xml | 3 +++ 11 files changed, 75 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml index e51ab7e..439c495 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml +++ b/ambari-server/src/main/resources/common-services/RANGER/0.5.0/configuration/ranger-ugsync-site.xml @@ -225,7 +225,8 @@ <name>ranger.usersync.ldap.searchBase</name> <value>dc=hadoop,dc=apache,dc=org</value> <description>"# search base for users and groups -# sample value would be dc=hadoop,dc=apache,dc=org"</description> +# sample value would be dc=hadoop,dc=apache,dc=org +# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated"</description> <value-attributes> <empty-value-valid>true</empty-value-valid> </value-attributes> @@ -237,7 +238,8 @@ <value/> <description>"# search base for users # sample value would be ou=users,dc=hadoop,dc=apache,dc=org -# overrides value specified in ranger.usersync.ldap.searchBase"</description> +# overrides value specified in ranger.usersync.ldap.searchBase +# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: cn=users,dc=example,dc=com;ou=example1,ou=example2"</description> <on-ambari-upgrade add="true"/> </property> <property> @@ -371,7 +373,9 @@ # sample value would be ou=groups,dc=hadoop,dc=apache,dc=org # overrides value specified in ranger.usersync.ldap.searchBase, ranger.usersync.ldap.user.searchbase # if a value is not specified, takes the value of ranger.usersync.ldap.searchBase -# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"</description> +# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase" +# From Ranger Release 0.6.0 multiple Ous can be configured with ; (semicolon) separated eg: ou=groups,DC=example,DC=com;ou=group1,ou=group2" +</description> <on-ambari-upgrade add="true"/> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml new file mode 100644 index 0000000..661089a --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/configuration/ranger-env.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> + +<configuration supports_final="true" supports_adding_forbidden="true"> + <property> + <name>bind_anonymous</name> + <deleted>true</deleted> + <on-ambari-upgrade add="false"/> + </property> +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml index fe1f494..a1f03e8 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/config-upgrade.xml @@ -228,6 +228,11 @@ if-type="ranger-env" if-key="is_solrCloud_enabled" if-value="true"/> </definition> + <definition xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"> + <type>ranger-env</type> + <transfer operation="delete" delete-key="bind_anonymous" /> + </definition> + </changes> </component> </service> http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml index a7b58f5..42918ff 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/nonrolling-upgrade-2.6.xml @@ -438,6 +438,10 @@ </task> </execute-stage> + <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin"> + <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/> + </execute-stage> + <!-- RANGER KMS --> <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Apply config changes for Ranger KMS Server"> <task xsi:type="configure" id="hdp_2_5_0_0_remove_ranger_kms_audit_db"/> http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml index c8baea1..1cdc416 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/upgrades/upgrade-2.6.xml @@ -592,6 +592,7 @@ <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerWebAlertConfigAction"> <summary>Configuring Ranger Alerts</summary> </task> + <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/> <task xsi:type="execute" hosts="all"> <script>scripts/ranger_admin.py</script> http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml index 44c2a6e..136fafe 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/config-upgrade.xml @@ -134,6 +134,11 @@ if-type="ranger-env" if-key="is_solrCloud_enabled" if-value="true"/> </definition> + <definition xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"> + <type>ranger-env</type> + <transfer operation="delete" delete-key="bind_anonymous" /> + </definition> + </changes> </component> </service> http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml index ce5105e..58ca724 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/nonrolling-upgrade-2.6.xml @@ -344,6 +344,10 @@ </task> </execute-stage> + <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin"> + <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/> + </execute-stage> + <!-- HDFS --> <execute-stage service="HDFS" component="NAMENODE" title="Apply config changes for Hdfs Namenode HA"> <task xsi:type="configure" id="hdp_2_5_0_0_namenode_ha_adjustments"/> http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml index 2fd7a7a..fa8187d 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.4/upgrades/upgrade-2.6.xml @@ -581,6 +581,7 @@ <task xsi:type="server_action" class="org.apache.ambari.server.serveraction.upgrades.RangerWebAlertConfigAction"> <summary>Configuring Ranger Alerts</summary> </task> + <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/> <task xsi:type="execute" hosts="all"> <script>scripts/ranger_admin.py</script> http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml index 9ddb667..40052d8 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml @@ -56,5 +56,17 @@ </changes> </component> </service> + + <service name="RANGER"> + <component name="RANGER_ADMIN"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"> + <type>ranger-env</type> + <transfer operation="delete" delete-key="bind_anonymous" /> + </definition> + </changes> + </component> + </service> + </services> </upgrade-config-changes> http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml index 7ccd96d..78418b0 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml @@ -302,6 +302,11 @@ <execute-stage service="STORM" component="NIMBUS" title="Apply config changes for Nimbus"> <task xsi:type="configure" id="increase_storm_zookeeper_timeouts"/> </execute-stage> + + <!--RANGER--> + <execute-stage service="RANGER" component="RANGER_ADMIN" title="Apply config changes for Ranger Admin"> + <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/> + </execute-stage> </group> <!-- http://git-wip-us.apache.org/repos/asf/ambari/blob/a444517b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml index abd8fb9..4abf0ec 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml @@ -479,6 +479,7 @@ <service name="RANGER"> <component name="RANGER_ADMIN"> <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_0_0_remove_bind_anonymous"/> <task xsi:type="execute" hosts="all"> <summary>Stop Ranger Admin</summary> <script>scripts/ranger_admin.py</script> @@ -505,6 +506,8 @@ </task> </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> + <upgrade> <task xsi:type="restart-task" /> </upgrade>