Repository: ambari Updated Branches: refs/heads/trunk e5fff5825 -> 150ab25eb
AMBARI-20816 Create Ranger Hive Service during Hive Metastore restart (mugdha) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/150ab25e Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/150ab25e Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/150ab25e Branch: refs/heads/trunk Commit: 150ab25eb18fa031658bfdb698929bc5bff88926 Parents: e5fff58 Author: Mugdha Varadkar <mug...@apache.org> Authored: Fri Apr 21 18:04:05 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Mon Apr 24 11:42:18 2017 +0530 ---------------------------------------------------------------------- .../package/scripts/hive_metastore.py | 3 + .../0.12.0.2.0/package/scripts/params_linux.py | 7 +++ .../package/scripts/setup_ranger_hive.py | 58 ++++++++++++++++++++ .../2.1.0.3.0/package/scripts/hive_metastore.py | 3 + .../2.1.0.3.0/package/scripts/params_linux.py | 7 +++ .../package/scripts/setup_ranger_hive.py | 58 ++++++++++++++++++++ 6 files changed, 136 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/150ab25e/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py index 2dc6906..99eb8b5 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py 
@@ -35,6 +35,7 @@ from resource_management.libraries.functions.security_commons import get_params_
 from resource_management.libraries.functions.security_commons import validate_security_config_properties
 from resource_management.libraries.functions.security_commons import FILE_TYPE_XML
 from resource_management.core.resources.system import File
+from setup_ranger_hive import setup_ranger_hive_metastore_service
 from hive import create_metastore_schema, hive, jdbc_connector
 from hive_service import hive_service
@@ -61,6 +62,8 @@ class HiveMetastore(Script):
 hive_service('metastore', action='start', upgrade_type=upgrade_type)
+ # below function call is used for cluster depolyed in cloud env to create ranger hive service in ranger admin.
+ setup_ranger_hive_metastore_service()
 def stop(self, env, upgrade_type=None):
 import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/150ab25e/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
index 84bac38..7615ee7 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/params_linux.py
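Review bot: In hive_metastore.py, the new `setup_ranger_hive_metastore_service()` call in the second hunk runs after `hive_service('metastore', action='start', ...)` with no error handling around it. Whether the Ranger helper raises or only logs on failure is not visible here, but if it raises, the start command would presumably be reported as failed while the Metastore process is already up. Consider guarding the call and logging the failure, and replace the comment with one that names the gate, e.g. `# Registers the Hive repository in Ranger Admin; no-op unless ranger.service.config.param.enable.hive.metastore.lookup is set`, which also fixes the "depolyed" typo. The enclosing start method begins outside the hunk, and the identical hunk in the HIVE/2.1.0.3.0 copy of this file has the same issue.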
@@ -824,3 +824,10 @@ if enable_ranger_hive:
 xa_audit_db_is_enabled = False # ranger hive plugin section end
+
+# below property is used for cluster deployed in cloud env to create ranger hive service in ranger admin
+# need to add it as custom property
+ranger_hive_metastore_lookup = default('/configurations/ranger-hive-plugin-properties/ranger.service.config.param.enable.hive.metastore.lookup', False)
+
+if security_enabled:
+ hive_metastore_principal_with_host = hive_metastore_principal.replace('_HOST', hostname.lower())
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/150ab25e/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
index 80bd7c8..379b4ac 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py
@@ -18,6 +18,9 @@ limitations under the License.
 """
 from resource_management.core.logger import Logger
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2
+from resource_management.libraries.functions.setup_ranger_plugin_xml import generate_ranger_service_config
 def setup_ranger_hive(upgrade_type = None):
 import params
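Review bot: In params_linux.py, `ranger_hive_metastore_lookup` keeps whatever `default(...)` returns, and a custom property usually arrives as a string, so a value of "false" would be truthy in the `if params.has_ranger_admin and params.ranger_hive_metastore_lookup` gate. That gate decides whether the Ranger admin credentials are used to create a repository, so it should be normalised to a boolean, for example `ranger_hive_metastore_lookup = str(default('/configurations/ranger-hive-plugin-properties/ranger.service.config.param.enable.hive.metastore.lookup', False)).lower() == 'true'`. This assumes `default()` does no type coercion, which is not visible in this hunk. The comment above the property should also state the accepted values. The same hunk in the HIVE/2.1.0.3.0 copy of params_linux.py needs the same change.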
@@ -96,3 +99,58 @@ def setup_ranger_hive(upgrade_type = None):
 stack_version_override = stack_version, skip_if_rangeradmin_down= not params.retryAble)
 else:
 Logger.info('Ranger Hive plugin is not enabled')
+
+def setup_ranger_hive_metastore_service():
+ """
+ Creates ranger hive service in ranger admin installed in same cluster for cluster depolyed in cloud env.
+ """
+ import params
+
+ if params.has_ranger_admin and params.ranger_hive_metastore_lookup:
+
+ repo_name = str(params.config['clusterName']) + '_hive'
+ repo_name_value = params.config['configurations']['ranger-hive-security']['ranger.plugin.hive.service.name']
+ if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+
+ hive_ranger_plugin_config = {
+ 'username': params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_USERNAME'],
+ 'password': params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'],
+ 'jdbc.driverClassName': params.config['configurations']['ranger-hive-plugin-properties']['jdbc.driverClassName'],
+ 'jdbc.url': 'none',
+ 'commonNameForCertificate': params.config['configurations']['ranger-hive-plugin-properties']['common.name.for.certificate'],
+ 'ambari.service.check.user': params.config['configurations']['ranger-hive-plugin-properties']['policy_user']
+ }
+
+ if params.security_enabled:
+ hive_ranger_plugin_config['policy.download.auth.users'] = params.hive_user
+ hive_ranger_plugin_config['tag.download.auth.users'] = params.hive_user
+ hive_ranger_plugin_config['policy.grantrevoke.auth.users'] = params.hive_user
+
+ custom_ranger_service_config = generate_ranger_service_config(params.config['configurations']['ranger-hive-plugin-properties'])
+ if len(custom_ranger_service_config) > 0:
+ hive_ranger_plugin_config.update(custom_ranger_service_config)
+
+ hive_ranger_plugin_repo = {
+ 'isEnabled': 'true',
+ 'configs': hive_ranger_plugin_config,
+ 'description': 'Hive
service',
+ 'name': repo_name,
+ 'type': 'hive'
+ }
+
+ ranger_admin_obj = RangeradminV2(url = params.config['configurations']['ranger-hive-security']['ranger.plugin.hive.policy.rest.url'], skip_if_rangeradmin_down = not params.retryAble)
+ ranger_admin_obj.create_ranger_repository(
+ component = 'hive',
+ repo_name = repo_name,
+ repo_properties = hive_ranger_plugin_repo,
+ ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username'],
+ ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password'],
+ admin_uname = params.config['configurations']['ranger-env']['admin_username'],
+ admin_password = params.config['configurations']['ranger-env']['admin_password'],
+ policy_user = params.config['configurations']['ranger-hive-plugin-properties']['policy_user'],
+ is_security_enabled = params.security_enabled,
+ is_stack_supports_ranger_kerberos = params.stack_supports_ranger_kerberos,
+ component_user = params.hive_user,
+ component_user_principal = params.hive_metastore_principal_with_host if params.security_enabled else None,
+ component_user_keytab = params.hive_metastore_keytab_path if params.security_enabled else None)
http://git-wip-us.apache.org/repos/asf/ambari/blob/150ab25e/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
index 2dc6906..99eb8b5 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive_metastore.py
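Review bot: In setup_ranger_hive.py, the new `setup_ranger_hive_metastore_service()` logs nothing on either path, so the agent log does not show whether a Metastore restart used the Ranger admin credentials to create the repository or skipped it. Mirroring the `Logger.info('Ranger Hive plugin is not enabled')` branch just above, add a name-only message before the call such as `Logger.info('Creating Ranger Hive service ' + repo_name)` and an `else:` branch with `Logger.info('Ranger Hive Metastore lookup is not enabled')`, without logging `hive_ranger_plugin_repo`, since it carries `REPOSITORY_CONFIG_PASSWORD`. Separately, `hive_ranger_plugin_config.update(custom_ranger_service_config)` runs after the fixed keys are set, so a custom property can replace `username`, `password` or the three `*.auth.users` entries; if that is not intended, merge the custom values first. The docstring should name the gating property and fix "depolyed". The same hunk in the HIVE/2.1.0.3.0 copy of this file carries the same points.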
@@ -35,6 +35,7 @@ from resource_management.libraries.functions.security_commons import get_params_
 from resource_management.libraries.functions.security_commons import validate_security_config_properties
 from resource_management.libraries.functions.security_commons import FILE_TYPE_XML
 from resource_management.core.resources.system import File
+from setup_ranger_hive import setup_ranger_hive_metastore_service
 from hive import create_metastore_schema, hive, jdbc_connector
 from hive_service import hive_service
@@ -61,6 +62,8 @@ class HiveMetastore(Script):
 hive_service('metastore', action='start', upgrade_type=upgrade_type)
+ # below function call is used for cluster depolyed in cloud env to create ranger hive service in ranger admin.
+ setup_ranger_hive_metastore_service()
 def stop(self, env, upgrade_type=None):
 import params
http://git-wip-us.apache.org/repos/asf/ambari/blob/150ab25e/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/params_linux.py ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/params_linux.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/params_linux.py
index 84bac38..7615ee7 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/params_linux.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/params_linux.py
@@ -824,3 +824,10 @@ if enable_ranger_hive:
 xa_audit_db_is_enabled = False # ranger hive plugin section end
+
+# below property is used for cluster deployed in cloud env to create ranger hive service in ranger admin
+# need to add it as custom property
+ranger_hive_metastore_lookup = default('/configurations/ranger-hive-plugin-properties/ranger.service.config.param.enable.hive.metastore.lookup', False)
+
+if security_enabled:
+ hive_metastore_principal_with_host = hive_metastore_principal.replace('_HOST', hostname.lower())
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/150ab25e/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/setup_ranger_hive.py ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/setup_ranger_hive.py b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/setup_ranger_hive.py
index 80bd7c8..379b4ac 100644
--- a/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/setup_ranger_hive.py
+++ b/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/setup_ranger_hive.py
@@ -18,6 +18,9 @@ limitations under the License.
 """
 from resource_management.core.logger import Logger
+from resource_management.libraries.functions.is_empty import is_empty
+from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2
+from resource_management.libraries.functions.setup_ranger_plugin_xml import generate_ranger_service_config
 def setup_ranger_hive(upgrade_type = None):
 import params
@@ -96,3 +99,58 @@ def setup_ranger_hive(upgrade_type = None):
 stack_version_override = stack_version, skip_if_rangeradmin_down= not params.retryAble)
 else:
 Logger.info('Ranger Hive plugin is not enabled')
+
+def setup_ranger_hive_metastore_service():
+ """
+ Creates ranger hive service in ranger admin installed in same cluster for cluster depolyed in cloud env.
+ """
+ import params
+
+ if params.has_ranger_admin and params.ranger_hive_metastore_lookup:
+
+ repo_name = str(params.config['clusterName']) + '_hive'
+ repo_name_value = params.config['configurations']['ranger-hive-security']['ranger.plugin.hive.service.name']
+ if not is_empty(repo_name_value) and repo_name_value != "{{repo_name}}":
+ repo_name = repo_name_value
+
+ hive_ranger_plugin_config = {
+ 'username': params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_USERNAME'],
+ 'password': params.config['configurations']['ranger-hive-plugin-properties']['REPOSITORY_CONFIG_PASSWORD'],
+ 'jdbc.driverClassName': params.config['configurations']['ranger-hive-plugin-properties']['jdbc.driverClassName'],
+ 'jdbc.url': 'none',
+ 'commonNameForCertificate': params.config['configurations']['ranger-hive-plugin-properties']['common.name.for.certificate'],
+ 'ambari.service.check.user': params.config['configurations']['ranger-hive-plugin-properties']['policy_user']
+ }
+
+ if params.security_enabled:
+ hive_ranger_plugin_config['policy.download.auth.users'] = params.hive_user
+ hive_ranger_plugin_config['tag.download.auth.users'] = params.hive_user
+ hive_ranger_plugin_config['policy.grantrevoke.auth.users'] = params.hive_user
+
+ custom_ranger_service_config = generate_ranger_service_config(params.config['configurations']['ranger-hive-plugin-properties'])
+ if len(custom_ranger_service_config) > 0:
+ hive_ranger_plugin_config.update(custom_ranger_service_config)
+
+ hive_ranger_plugin_repo = {
+ 'isEnabled': 'true',
+ 'configs': hive_ranger_plugin_config,
+ 'description': 'Hive
service',
+ 'name': repo_name,
+ 'type': 'hive'
+ }
+
+ ranger_admin_obj = RangeradminV2(url = params.config['configurations']['ranger-hive-security']['ranger.plugin.hive.policy.rest.url'], skip_if_rangeradmin_down = not params.retryAble)
+ ranger_admin_obj.create_ranger_repository(
+ component = 'hive',
+ repo_name = repo_name,
+ repo_properties = hive_ranger_plugin_repo,
+ ambari_ranger_admin = params.config['configurations']['ranger-env']['ranger_admin_username'],
+ ambari_ranger_password = params.config['configurations']['ranger-env']['ranger_admin_password'],
+ admin_uname = params.config['configurations']['ranger-env']['admin_username'],
+ admin_password = params.config['configurations']['ranger-env']['admin_password'],
+ policy_user = params.config['configurations']['ranger-hive-plugin-properties']['policy_user'],
+ is_security_enabled = params.security_enabled,
+ is_stack_supports_ranger_kerberos = params.stack_supports_ranger_kerberos,
+ component_user = params.hive_user,
+ component_user_principal = params.hive_metastore_principal_with_host if params.security_enabled else None,
+ component_user_keytab = params.hive_metastore_keytab_path if params.security_enabled else None)