Repository: ambari Updated Branches: refs/heads/trunk e0e8a041b -> d711d7a1f
AMBARI-20629 Take Ambari Cluster Name as a property in Ranger plugin configs (mugdha) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d711d7a1 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d711d7a1 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d711d7a1 Branch: refs/heads/trunk Commit: d711d7a1f90074ab65431e6f58c6551e224df43b Parents: e0e8a04 Author: Mugdha Varadkar <mug...@apache.org> Authored: Tue Apr 4 10:33:57 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Tue Apr 4 18:15:09 2017 +0530 ---------------------------------------------------------------------- .../0.96.0.2.0/package/scripts/params_linux.py | 3 + .../2.1.0.2.0/package/scripts/params_linux.py | 5 +- .../configuration/ranger-hdfs-audit.xml | 9 ++ .../3.0.0.3.0/package/scripts/params_linux.py | 3 + .../configuration/ranger-hive-audit.xml | 9 ++ .../KAFKA/0.8.1/package/scripts/params.py | 3 + .../0.5.0.2.2/package/scripts/params_linux.py | 3 + .../0.5.0.2.3/package/scripts/params.py | 5 +- .../2.1.0.2.0/package/scripts/params_linux.py | 3 + .../configuration/ranger-yarn-audit.xml | 9 ++ .../3.0.0.3.0/package/scripts/params_linux.py | 3 + .../ATLAS/configuration/ranger-atlas-audit.xml | 33 ++++++ .../HBASE/configuration/ranger-hbase-audit.xml | 33 ++++++ .../HDFS/configuration/ranger-hdfs-audit.xml | 33 ++++++ .../HIVE/configuration/ranger-hive-audit.xml | 33 ++++++ .../KAFKA/configuration/ranger-kafka-audit.xml | 33 ++++++ .../KNOX/configuration/ranger-knox-audit.xml | 33 ++++++ .../configuration/ranger-kms-audit.xml | 33 ++++++ .../STORM/configuration/ranger-storm-audit.xml | 33 ++++++ .../YARN/configuration/ranger-yarn-audit.xml | 33 ++++++ .../stacks/HDP/2.6/upgrades/config-upgrade.xml | 108 +++++++++++++++++++ .../HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml | 53 ++++++++- .../stacks/HDP/2.6/upgrades/upgrade-2.6.xml | 33 ++++++ 23 files changed, 540 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py index e78bfc2..3177643 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py @@ -408,6 +408,9 @@ if enable_ranger_hbase: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger hbase plugin is enabled +cluster_name = config['clusterName'] + # ranger hbase plugin section end create_hbase_home_directory = check_stack_feature(StackFeature.HBASE_HOME_DIRECTORY, stack_version_formatted) http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py index b8785f3..f0566d7 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py @@ -547,4 +547,7 @@ if enable_ranger_hdfs: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla': xa_audit_db_is_enabled = False -# ranger hdfs plugin section end +# need this to capture cluster name from where ranger hdfs plugin is enabled +cluster_name = config['clusterName'] + +# ranger hdfs plugin section end \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml index 731b136..02b195f 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml +++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/configuration/ranger-hdfs-audit.xml @@ -120,4 +120,13 @@ </value-attributes> <on-ambari-upgrade add="false"/> </property> + <property> + <name>ranger.plugin.hdfs.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger hdfs plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/params_linux.py index 4fa6f0c..58bb65f 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/package/scripts/params_linux.py @@ -543,4 +543,7 @@ if enable_ranger_hdfs: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger hdfs plugin is enabled +cluster_name = config['clusterName'] + # ranger hdfs plugin section end http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/configuration/ranger-hive-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/configuration/ranger-hive-audit.xml index 95edb38..fc1c5ad 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/configuration/ranger-hive-audit.xml +++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/configuration/ranger-hive-audit.xml @@ -118,4 +118,13 @@ </value-attributes> <on-ambari-upgrade add="false"/> </property> + <property> + <name>ranger.plugin.hive.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger hive plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py index 5b9db89..32f18f2 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py @@ -296,6 +296,9 @@ if enable_ranger_kafka and is_supported_kafka_ranger: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger kafka plugin is enabled +cluster_name = config['clusterName'] + # ranger kafka plugin section end namenode_hosts = default("/clusterHostInfo/namenode_host", []) http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py index 5c07fa4..4558069 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py @@ -390,6 +390,9 @@ if enable_ranger_knox: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger knox plugin is enabled +cluster_name = config['clusterName'] + # ranger knox plugin end section hdfs_user = config['configurations']['hadoop-env']['hdfs_user'] if has_namenode else None http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py index f2abe80..9fe0a61 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py @@ -293,4 +293,7 @@ ranger_kms_ssl_passwd = config['configurations']['ranger-kms-site']['ranger.serv ranger_kms_ssl_enabled = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.ssl.enabled'] xa_audit_hdfs_is_enabled = default("/configurations/ranger-kms-audit/xasecure.audit.destination.hdfs", False) -namenode_host = default("/clusterHostInfo/namenode_host", []) \ No newline at end of file +namenode_host = default("/clusterHostInfo/namenode_host", []) + +# need this to capture cluster name from where ranger kms plugin is enabled +cluster_name = config['clusterName'] \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py index 88be29c..3579fcb 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py @@ -500,4 +500,7 @@ if enable_ranger_yarn and is_supported_yarn_ranger: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger yarn plugin is enabled +cluster_name = config['clusterName'] + # ranger yarn plugin end section http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/configuration/ranger-yarn-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/configuration/ranger-yarn-audit.xml index a6b1baa..7a865b8 100644 --- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/configuration/ranger-yarn-audit.xml +++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/configuration/ranger-yarn-audit.xml @@ -174,4 +174,13 @@ </value-attributes> <on-ambari-upgrade add="false"/> </property> + <property> + <name>ranger.plugin.yarn.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger yarn plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py index a8cdda9..66194ed 100644 --- a/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/YARN/3.0.0.3.0/package/scripts/params_linux.py @@ -496,4 +496,7 @@ if enable_ranger_yarn and is_supported_yarn_ranger: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger yarn plugin is enabled +cluster_name = config['clusterName'] + # ranger yarn plugin end section http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/ranger-atlas-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/ranger-atlas-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/ranger-atlas-audit.xml new file mode 100644 index 0000000..ecf9f9d --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/ranger-atlas-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.atlas.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger atlas plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HBASE/configuration/ranger-hbase-audit.xml new file mode 100644 index 0000000..f7ff00f --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HBASE/configuration/ranger-hbase-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.hbase.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger hbase plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/services/HDFS/configuration/ranger-hdfs-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HDFS/configuration/ranger-hdfs-audit.xml new file mode 100644 index 0000000..dbc5b5d --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HDFS/configuration/ranger-hdfs-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.hdfs.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger hdfs plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/ranger-hive-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/ranger-hive-audit.xml new file mode 100644 index 0000000..e1b2bf9 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/ranger-hive-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.hive.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger hive plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/services/KAFKA/configuration/ranger-kafka-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/KAFKA/configuration/ranger-kafka-audit.xml new file mode 100644 index 0000000..440b44e --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/KAFKA/configuration/ranger-kafka-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.kafka.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger kafka plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/services/KNOX/configuration/ranger-knox-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/KNOX/configuration/ranger-knox-audit.xml new file mode 100644 index 0000000..9dc3ec5 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/KNOX/configuration/ranger-knox-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.knox.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger knox plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER_KMS/configuration/ranger-kms-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER_KMS/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER_KMS/configuration/ranger-kms-audit.xml new file mode 100644 index 0000000..e755770 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER_KMS/configuration/ranger-kms-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.kms.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger kms plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/services/STORM/configuration/ranger-storm-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/STORM/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/STORM/configuration/ranger-storm-audit.xml new file mode 100644 index 0000000..9122d92 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/STORM/configuration/ranger-storm-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.storm.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger storm plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/ranger-yarn-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/ranger-yarn-audit.xml new file mode 100644 index 0000000..40a2f84 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/ranger-yarn-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.yarn.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger yarn plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml index 0d71244..ceed59b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml @@ -30,5 +30,113 @@ </component> </service> + <service name="HDFS"> + <component name="NAMENODE"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_hdfs_plugin_cluster_name"> + <type>ranger-hdfs-audit</type> + <set key="ranger.plugin.hdfs.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-hdfs-plugin-properties" if-key="ranger-hdfs-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="HIVE"> + <component name="HIVE_SERVER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_hive_plugin_cluster_name"> + <type>ranger-hive-audit</type> + <set key="ranger.plugin.hive.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-hive-audit" if-key="xasecure.audit.destination.solr" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="HBASE"> + <component name="HBASE_MASTER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_hbase_plugin_cluster_name"> + <type>ranger-hbase-audit</type> + <set key="ranger.plugin.hbase.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-hbase-plugin-properties" if-key="ranger-hbase-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="KNOX"> + <component name="KNOX_GATEWAY"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_knox_plugin_cluster_name"> + <type>ranger-knox-audit</type> + <set key="ranger.plugin.knox.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-knox-plugin-properties" if-key="ranger-knox-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="STORM"> + <component name="NIMBUS"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_storm_plugin_cluster_name"> + <type>ranger-storm-audit</type> + <set key="ranger.plugin.storm.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-storm-plugin-properties" if-key="ranger-storm-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="YARN"> + <component name="RESOURCEMANAGER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_yarn_plugin_cluster_name"> + <type>ranger-yarn-audit</type> + <set key="ranger.plugin.yarn.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-yarn-plugin-properties" if-key="ranger-yarn-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="KAFKA"> + <component name="KAFKA_BROKER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_kafka_plugin_cluster_name"> + <type>ranger-kafka-audit</type> + <set key="ranger.plugin.kafka.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-kafka-plugin-properties" if-key="ranger-kafka-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="ATLAS"> + <component name="ATLAS_SERVER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_atlas_plugin_cluster_name"> + <type>ranger-atlas-audit</type> + <set key="ranger.plugin.atlas.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-atlas-plugin-properties" if-key="ranger-atlas-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="RANGER_KMS"> + <component name="RANGER_KMS_SERVER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_kms_plugin_cluster_name"> + <type>ranger-kms-audit</type> + <set key="ranger.plugin.kms.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-kms-audit" if-key="ranger.plugin.kms.ambari.cluster.name" if-key-state="absent"/> + </definition> + </changes> + </component> + </service> + </services> </upgrade-config-changes> http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml index 68c58c0..ce07f7a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml @@ -284,13 +284,58 @@ </execute-stage> </group> - <!-- ToDo: on config updates, this section need to be uncommented and extended with the changes + <group xsi:type="cluster" name="Upgrade service configs" title="Upgrade service configs"> - <direction>UPGRADE</direction> - <skippable>true</skippable> + <direction>UPGRADE</direction> <!-- prevent config changes on downgrade --> + <skippable>true</skippable> <!-- May fix configuration problems manually --> + + <!-- HDFS --> + <execute-stage service="HDFS" component="NAMENODE" title="Apply config changes for Ranger Hdfs plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hdfs_plugin_cluster_name"/> + </execute-stage> + + <!-- HIVE --> + <execute-stage service="HIVE" component="HIVE_SERVER" title="Apply config changes for Ranger Hive plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hive_plugin_cluster_name"/> + </execute-stage> + + <!-- HBASE --> + <execute-stage service="HBASE" component="HBASE_MASTER" title="Apply config changes for Ranger Hbase plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hbase_plugin_cluster_name"/> + </execute-stage> + + <!-- KNOX --> + <execute-stage service="KNOX" component="KNOX_GATEWAY" title="Apply config changes for Ranger Knox plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_knox_plugin_cluster_name"/> + </execute-stage> + + <!-- STORM --> + <execute-stage service="STORM" component="NIMBUS" title="Apply config changes for Ranger Storm plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_storm_plugin_cluster_name"/> + </execute-stage> + + <!-- YARN --> + <execute-stage service="YARN" component="RESOURCEMANAGER" title="Apply config changes for Ranger Yarn plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_yarn_plugin_cluster_name"/> + </execute-stage> + + <!-- KAFKA --> + <execute-stage service="KAFKA" component="KAFKA_BROKER" title="Apply config changes for Ranger Kafka plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_kafka_plugin_cluster_name"/> + </execute-stage> + + <!-- ATLAS --> + <execute-stage service="ATLAS" component="ATLAS_SERVER" title="Apply config changes for Ranger Atlas plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_atlas_plugin_cluster_name"/> + </execute-stage> + + <!-- KMS --> + <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Apply config changes for Ranger Kms plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_kms_plugin_cluster_name"/> + </execute-stage> </group> - --> + <!-- After processing this group, the user-specified Kerberos descriptor will be updated to work with http://git-wip-us.apache.org/repos/asf/ambari/blob/d711d7a1/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml index 01f11e4..fd72e4d 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml @@ -569,6 +569,7 @@ <service name="RANGER_KMS"> <component name="RANGER_KMS_SERVER"> <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_kms_plugin_cluster_name"/> <task xsi:type="execute" hosts="any" sequential="true"> <summary>Upgrading Ranger KMS database schema</summary> <script>scripts/kms_server.py</script> @@ -592,6 +593,10 @@ <service name="KAFKA"> <component name="KAFKA_BROKER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_kafka_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -600,6 +605,10 @@ <service name="HDFS"> <component name="NAMENODE"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hdfs_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -674,6 +683,10 @@ </component> <component name="RESOURCEMANAGER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_yarn_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -694,6 +707,10 @@ <service name="HBASE"> <component name="HBASE_MASTER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hbase_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -766,6 +783,10 @@ </component> <component name="HIVE_SERVER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hive_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -914,6 +935,10 @@ <service name="KNOX"> <component name="KNOX_GATEWAY"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_knox_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -922,6 +947,10 @@ <service name="STORM"> <component name="NIMBUS"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_storm_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -986,6 +1015,10 @@ <service name="ATLAS"> <component name="ATLAS_SERVER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_atlas_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task"/> </upgrade>