Repository: ambari Updated Branches: refs/heads/branch-2.5 ddec834f4 -> 0a6dee672
AMBARI-20629 Take Ambari Cluster Name as a property in Ranger plugin configs (mugdha) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/0a6dee67 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/0a6dee67 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/0a6dee67 Branch: refs/heads/branch-2.5 Commit: 0a6dee67283a354e127a38b6d2cc5e1561fcd54b Parents: ddec834 Author: Mugdha Varadkar <mug...@apache.org> Authored: Tue Apr 4 10:32:19 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Tue Apr 4 18:22:14 2017 +0530 ---------------------------------------------------------------------- .../0.96.0.2.0/package/scripts/params_linux.py | 3 + .../2.1.0.2.0/package/scripts/params_linux.py | 5 +- .../KAFKA/0.8.1/package/scripts/params.py | 3 + .../0.5.0.2.2/package/scripts/params_linux.py | 3 + .../0.5.0.2.3/package/scripts/params.py | 5 +- .../2.1.0.2.0/package/scripts/params_linux.py | 3 + .../ATLAS/configuration/ranger-atlas-audit.xml | 33 ++++++ .../HBASE/configuration/ranger-hbase-audit.xml | 33 ++++++ .../HDFS/configuration/ranger-hdfs-audit.xml | 33 ++++++ .../HIVE/configuration/ranger-hive-audit.xml | 33 ++++++ .../KAFKA/configuration/ranger-kafka-audit.xml | 33 ++++++ .../KNOX/configuration/ranger-knox-audit.xml | 33 ++++++ .../configuration/ranger-kms-audit.xml | 33 ++++++ .../STORM/configuration/ranger-storm-audit.xml | 33 ++++++ .../YARN/configuration/ranger-yarn-audit.xml | 33 ++++++ .../stacks/HDP/2.6/upgrades/config-upgrade.xml | 108 +++++++++++++++++++ .../HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml | 53 ++++++++- .../stacks/HDP/2.6/upgrades/upgrade-2.6.xml | 33 ++++++ 18 files changed, 507 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py index bae6161..081fda1 100644 --- a/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HBASE/0.96.0.2.0/package/scripts/params_linux.py @@ -408,6 +408,9 @@ if enable_ranger_hbase: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger hbase plugin is enabled +cluster_name = config['clusterName'] + # ranger hbase plugin section end create_hbase_home_directory = check_stack_feature(StackFeature.HBASE_HOME_DIRECTORY, stack_version_formatted) http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py index 35ad895..94093b4 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/HDFS/2.1.0.2.0/package/scripts/params_linux.py @@ -548,4 +548,7 @@ if enable_ranger_hdfs: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla': xa_audit_db_is_enabled = False -# ranger hdfs plugin section end +# need this to capture cluster name from where ranger hdfs plugin is enabled +cluster_name = config['clusterName'] + +# ranger hdfs plugin section end \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py index f56c2b7..23c65b7 100644 --- a/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/params.py @@ -296,6 +296,9 @@ if enable_ranger_kafka and is_supported_kafka_ranger: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor.lower() == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger kafka plugin is enabled +cluster_name = config['clusterName'] + # ranger kafka plugin section end namenode_hosts = default("/clusterHostInfo/namenode_host", []) http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py index 22f00c8..3fb6af9 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/params_linux.py @@ -396,6 +396,9 @@ if enable_ranger_knox: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger knox plugin is enabled +cluster_name = config['clusterName'] + # ranger knox plugin end section hdfs_user = config['configurations']['hadoop-env']['hdfs_user'] if has_namenode else None http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py index f2abe80..9fe0a61 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py @@ -293,4 +293,7 @@ ranger_kms_ssl_passwd = config['configurations']['ranger-kms-site']['ranger.serv ranger_kms_ssl_enabled = config['configurations']['ranger-kms-site']['ranger.service.https.attrib.ssl.enabled'] xa_audit_hdfs_is_enabled = default("/configurations/ranger-kms-audit/xasecure.audit.destination.hdfs", False) -namenode_host = default("/clusterHostInfo/namenode_host", []) \ No newline at end of file +namenode_host = default("/clusterHostInfo/namenode_host", []) + +# need this to capture cluster name from where ranger kms plugin is enabled +cluster_name = config['clusterName'] \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py index 9ba5cce..03f53d4 100644 --- a/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py +++ b/ambari-server/src/main/resources/common-services/YARN/2.1.0.2.0/package/scripts/params_linux.py @@ -493,4 +493,7 @@ if enable_ranger_yarn and is_supported_yarn_ranger: if has_ranger_admin and stack_supports_ranger_audit_db and xa_audit_db_flavor == 'sqla': xa_audit_db_is_enabled = False +# need this to capture cluster name from where ranger yarn plugin is enabled +cluster_name = config['clusterName'] + # ranger yarn plugin end section http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/ranger-atlas-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/ranger-atlas-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/ranger-atlas-audit.xml new file mode 100644 index 0000000..ecf9f9d --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/ATLAS/configuration/ranger-atlas-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.atlas.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger atlas plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HBASE/configuration/ranger-hbase-audit.xml new file mode 100644 index 0000000..f7ff00f --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HBASE/configuration/ranger-hbase-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.hbase.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger hbase plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/services/HDFS/configuration/ranger-hdfs-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HDFS/configuration/ranger-hdfs-audit.xml new file mode 100644 index 0000000..a16b2fe --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HDFS/configuration/ranger-hdfs-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.hdfs.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger hdfs plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/ranger-hive-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/ranger-hive-audit.xml new file mode 100644 index 0000000..e1b2bf9 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/configuration/ranger-hive-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.hive.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger hive plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/services/KAFKA/configuration/ranger-kafka-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/KAFKA/configuration/ranger-kafka-audit.xml new file mode 100644 index 0000000..440b44e --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/KAFKA/configuration/ranger-kafka-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.kafka.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger kafka plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/services/KNOX/configuration/ranger-knox-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/KNOX/configuration/ranger-knox-audit.xml new file mode 100644 index 0000000..9dc3ec5 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/KNOX/configuration/ranger-knox-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.knox.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger knox plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER_KMS/configuration/ranger-kms-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER_KMS/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER_KMS/configuration/ranger-kms-audit.xml new file mode 100644 index 0000000..e755770 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/RANGER_KMS/configuration/ranger-kms-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.kms.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger kms plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/services/STORM/configuration/ranger-storm-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/STORM/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/STORM/configuration/ranger-storm-audit.xml new file mode 100644 index 0000000..9122d92 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/STORM/configuration/ranger-storm-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.storm.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger storm plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/ranger-yarn-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/ranger-yarn-audit.xml new file mode 100644 index 0000000..40a2f84 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/YARN/configuration/ranger-yarn-audit.xml @@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.yarn.ambari.cluster.name</name> + <value>{{cluster_name}}</value> + <description>Capture cluster name from where Ranger yarn plugin is enabled.</description> + <value-attributes> + <empty-value-valid>true</empty-value-valid> + </value-attributes> + <on-ambari-upgrade add="false"/> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml index 0d71244..ceed59b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml @@ -30,5 +30,113 @@ </component> </service> + <service name="HDFS"> + <component name="NAMENODE"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_hdfs_plugin_cluster_name"> + <type>ranger-hdfs-audit</type> + <set key="ranger.plugin.hdfs.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-hdfs-plugin-properties" if-key="ranger-hdfs-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="HIVE"> + <component name="HIVE_SERVER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_hive_plugin_cluster_name"> + <type>ranger-hive-audit</type> + <set key="ranger.plugin.hive.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-hive-audit" if-key="xasecure.audit.destination.solr" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="HBASE"> + <component name="HBASE_MASTER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_hbase_plugin_cluster_name"> + <type>ranger-hbase-audit</type> + <set key="ranger.plugin.hbase.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-hbase-plugin-properties" if-key="ranger-hbase-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="KNOX"> + <component name="KNOX_GATEWAY"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_knox_plugin_cluster_name"> + <type>ranger-knox-audit</type> + <set key="ranger.plugin.knox.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-knox-plugin-properties" if-key="ranger-knox-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="STORM"> + <component name="NIMBUS"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_storm_plugin_cluster_name"> + <type>ranger-storm-audit</type> + <set key="ranger.plugin.storm.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-storm-plugin-properties" if-key="ranger-storm-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="YARN"> + <component name="RESOURCEMANAGER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_yarn_plugin_cluster_name"> + <type>ranger-yarn-audit</type> + <set key="ranger.plugin.yarn.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-yarn-plugin-properties" if-key="ranger-yarn-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="KAFKA"> + <component name="KAFKA_BROKER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_kafka_plugin_cluster_name"> + <type>ranger-kafka-audit</type> + <set key="ranger.plugin.kafka.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-kafka-plugin-properties" if-key="ranger-kafka-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="ATLAS"> + <component name="ATLAS_SERVER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_atlas_plugin_cluster_name"> + <type>ranger-atlas-audit</type> + <set key="ranger.plugin.atlas.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-atlas-plugin-properties" if-key="ranger-atlas-plugin-enabled" if-key-state="present"/> + </definition> + </changes> + </component> + </service> + + <service name="RANGER_KMS"> + <component name="RANGER_KMS_SERVER"> + <changes> + <definition xsi:type="configure" id="hdp_2_6_maint_ranger_kms_plugin_cluster_name"> + <type>ranger-kms-audit</type> + <set key="ranger.plugin.kms.ambari.cluster.name" value="{{cluster_name}}" + if-type="ranger-kms-audit" if-key="ranger.plugin.kms.ambari.cluster.name" if-key-state="absent"/> + </definition> + </changes> + </component> + </service> + </services> </upgrade-config-changes> http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml index 949773f..ce57b92 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml @@ -273,13 +273,58 @@ </execute-stage> </group> - <!-- ToDo: on config updates, this section need to be uncommented and extended with the changes + <group xsi:type="cluster" name="Upgrade service configs" title="Upgrade service configs"> - <direction>UPGRADE</direction> - <skippable>true</skippable> + <direction>UPGRADE</direction> <!-- prevent config changes on downgrade --> + <skippable>true</skippable> <!-- May fix configuration problems manually --> + + <!-- HDFS --> + <execute-stage service="HDFS" component="NAMENODE" title="Apply config changes for Ranger Hdfs plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hdfs_plugin_cluster_name"/> + </execute-stage> + + <!-- HIVE --> + <execute-stage service="HIVE" component="HIVE_SERVER" title="Apply config changes for Ranger Hive plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hive_plugin_cluster_name"/> + </execute-stage> + + <!-- HBASE --> + <execute-stage service="HBASE" component="HBASE_MASTER" title="Apply config changes for Ranger Hbase plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hbase_plugin_cluster_name"/> + </execute-stage> + + <!-- KNOX --> + <execute-stage service="KNOX" component="KNOX_GATEWAY" title="Apply config changes for Ranger Knox plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_knox_plugin_cluster_name"/> + </execute-stage> + + <!-- STORM --> + <execute-stage service="STORM" component="NIMBUS" title="Apply config changes for Ranger Storm plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_storm_plugin_cluster_name"/> + </execute-stage> + + <!-- YARN --> + <execute-stage service="YARN" component="RESOURCEMANAGER" title="Apply config changes for Ranger Yarn plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_yarn_plugin_cluster_name"/> + </execute-stage> + + <!-- KAFKA --> + <execute-stage service="KAFKA" component="KAFKA_BROKER" title="Apply config changes for Ranger Kafka plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_kafka_plugin_cluster_name"/> + </execute-stage> + + <!-- ATLAS --> + <execute-stage service="ATLAS" component="ATLAS_SERVER" title="Apply config changes for Ranger Atlas plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_atlas_plugin_cluster_name"/> + </execute-stage> + + <!-- KMS --> + <execute-stage service="RANGER_KMS" component="RANGER_KMS_SERVER" title="Apply config changes for Ranger Kms plugin"> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_kms_plugin_cluster_name"/> + </execute-stage> </group> - --> + <!-- After processing this group, the user-specified Kerberos descriptor will be updated to work with http://git-wip-us.apache.org/repos/asf/ambari/blob/0a6dee67/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml index c144ae6..be13c3e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml @@ -553,6 +553,7 @@ <service name="RANGER_KMS"> <component name="RANGER_KMS_SERVER"> <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_kms_plugin_cluster_name"/> <task xsi:type="execute" hosts="any" sequential="true"> <summary>Upgrading Ranger KMS database schema</summary> <script>scripts/kms_server.py</script> @@ -576,6 +577,10 @@ <service name="KAFKA"> <component name="KAFKA_BROKER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_kafka_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -584,6 +589,10 @@ <service name="HDFS"> <component name="NAMENODE"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hdfs_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -658,6 +667,10 @@ </component> <component name="RESOURCEMANAGER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_yarn_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -678,6 +691,10 @@ <service name="HBASE"> <component name="HBASE_MASTER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hbase_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -750,6 +767,10 @@ </component> <component name="HIVE_SERVER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_hive_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -898,6 +919,10 @@ <service name="KNOX"> <component name="KNOX_GATEWAY"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_knox_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -906,6 +931,10 @@ <service name="STORM"> <component name="NIMBUS"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_storm_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task" /> </upgrade> @@ -970,6 +999,10 @@ <service name="ATLAS"> <component name="ATLAS_SERVER"> + <pre-upgrade> + <task xsi:type="configure" id="hdp_2_6_maint_ranger_atlas_plugin_cluster_name"/> + </pre-upgrade> + <pre-downgrade/> <!-- no-op to prevent config changes on downgrade --> <upgrade> <task xsi:type="restart-task"/> </upgrade>