ambari git commit: AMBARI-20816 Create Ranger Hive Service during Hive Metastore restart (mugdha)

Sun, 23 Apr 2017 23:11:45 -0700 

Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 853ea8dbd -> 09e56c4b1


AMBARI-20816 Create Ranger Hive Service during Hive Metastore restart (mugdha)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/09e56c4b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/09e56c4b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/09e56c4b

Branch: refs/heads/branch-2.5
Commit: 09e56c4b15c98d07071e50f7d3546ac6f7ad9263
Parents: 853ea8d
Author: Mugdha Varadkar <mug...@apache.org>
Authored: Thu Apr 20 18:56:36 2017 +0530
Committer: Mugdha Varadkar <mug...@apache.org>
Committed: Mon Apr 24 11:40:08 2017 +0530

----------------------------------------------------------------------
 .../package/scripts/hive_metastore.py           |  3 +
 .../0.12.0.2.0/package/scripts/params_linux.py  |  7 +++
 .../package/scripts/setup_ranger_hive.py        | 58 ++++++++++++++++++++
 3 files changed, 68 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/09e56c4b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
 
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
index db7bb4a..633e82e 100644
--- 
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
+++ 
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py
@@ -35,6 +35,7 @@ from resource_management.libraries.functions.security_commons 
import get_params_
 from resource_management.libraries.functions.security_commons import 
validate_security_config_properties
 from resource_management.libraries.functions.security_commons import 
FILE_TYPE_XML
 from resource_management.core.resources.system import File
+from setup_ranger_hive import setup_ranger_hive_metastore_service
 
 from hive import create_metastore_schema, hive, jdbc_connector
 from hive_service import hive_service
@@ -61,6 +62,8 @@ class HiveMetastore(Script):
 
     hive_service('metastore', action='start', upgrade_type=upgrade_type)
 
+    # below function call is used for cluster depolyed in cloud env to create 
ranger hive service in ranger admin.
+    setup_ranger_hive_metastore_service()
 
   def stop(self, env, upgrade_type=None):
     import params

http://git-wip-us.apache.org/repos/asf/ambari/blob/09e56c4b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
 
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
index 5f2a36d..64cdfed 100644
--- 
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
+++ 
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
@@ -823,3 +823,10 @@ if enable_ranger_hive:
     xa_audit_db_is_enabled = False
 
 # ranger hive plugin section end
+
+# below property is used for cluster deployed in cloud env to create ranger 
hive service in ranger admin
+# need to add it as custom property
+ranger_hive_metastore_lookup = 
default('/configurations/ranger-hive-plugin-properties/ranger.service.config.param.enable.hive.metastore.lookup',
 False)
+
+if security_enabled:
+  hive_metastore_principal_with_host = 
hive_metastore_principal.replace('_HOST', hostname.lower())
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/09e56c4b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
----------------------------------------------------------------------
diff --git 
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
 
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
index 80bd7c8..379b4ac 100644
--- 
a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
+++ 
b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
@@ -18,6 +18,9 @@ limitations under the License.
 
 """
 from resource_management.core.logger import Logger
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.ranger_functions_v2 import 
RangeradminV2
+from resource_management.libraries.functions.setup_ranger_plugin_xml import 
generate_ranger_service_config
 
 def setup_ranger_hive(upgrade_type = None):
   import params
@@ -96,3 +99,58 @@ def setup_ranger_hive(upgrade_type = None):
                         stack_version_override = stack_version, 
skip_if_rangeradmin_down= not params.retryAble)
   else:
     Logger.info('Ranger Hive plugin is not enabled')
+
+def setup_ranger_hive_metastore_service():
+  """
+  Creates ranger hive service in ranger admin installed in same cluster for 
cluster depolyed in cloud env.
+  """
+  import params
+
+  if params.has_ranger_admin and params.ranger_hive_metastore_lookup:
+
+    repo_name = str(params.config['clusterName']) + '_hive'
+    repo_name_value = 
params.config['configurations']['ranger-hive-security']['ranger.plugin.hive.service.name']
+    if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+      repo_name = repo_name_value
+
+    hive_ranger_plugin_config = {
+      'username': 
params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_USERNAME'],
+      'password': 
params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'],
+      'jdbc.driverClassName': 
params.config['configurations']['ranger-hive-plugin-properties']['jdbc.driverClassName'],
+      'jdbc.url': 'none',
+      'commonNameForCertificate': 
params.config['configurations']['ranger-hive-plugin-properties']['common.name.for.certificate'],
+      'ambari.service.check.user': 
params.config['configurations']['ranger-hive-plugin-properties']['policy_user']
+    }
+
+    if params.security_enabled:
+      hive_ranger_plugin_config['policy.download.auth.users'] = 
params.hive_user
+      hive_ranger_plugin_config['tag.download.auth.users'] = params.hive_user
+      hive_ranger_plugin_config['policy.grantrevoke.auth.users'] = 
params.hive_user
+
+    custom_ranger_service_config = 
generate_ranger_service_config(params.config['configurations']['ranger-hive-plugin-properties'])
+    if len(custom_ranger_service_config) > 0:
+      hive_ranger_plugin_config.update(custom_ranger_service_config)
+
+    hive_ranger_plugin_repo = {
+      'isEnabled': 'true',
+      'configs': hive_ranger_plugin_config,
+      'description': 'Hive service',
+      'name': repo_name,
+      'type': 'hive'
+    }
+
+    ranger_admin_obj = RangeradminV2(url = 
params.config['configurations']['ranger-hive-security']['ranger.plugin.hive.policy.rest.url'],
 skip_if_rangeradmin_down = not params.retryAble)
+    ranger_admin_obj.create_ranger_repository(
+      component = 'hive',
+      repo_name = repo_name,
+      repo_properties = hive_ranger_plugin_repo,
+      ambari_ranger_admin = 
params.config['configurations']['ranger-env']['ranger_admin_username'],
+      ambari_ranger_password = 
params.config['configurations']['ranger-env']['ranger_admin_password'],
+      admin_uname = 
params.config['configurations']['ranger-env']['admin_username'],
+      admin_password = 
params.config['configurations']['ranger-env']['admin_password'],
+      policy_user = 
params.config['configurations']['ranger-hive-plugin-properties']['policy_user'],
+      is_security_enabled = params.security_enabled,
+      is_stack_supports_ranger_kerberos = 
params.stack_supports_ranger_kerberos,
+      component_user = params.hive_user,
+      component_user_principal = params.hive_metastore_principal_with_host if 
params.security_enabled else None,
+      component_user_keytab = params.hive_metastore_keytab_path if 
params.security_enabled else None)

Reply via email to