Repository: ambari Updated Branches: refs/heads/trunk 37960b421 -> 423d836d0
AMBARI-20868: Ranger admin start fails when Ambari Infra is turned off. (Vishal Suvagia via mugdha) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/423d836d Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/423d836d Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/423d836d Branch: refs/heads/trunk Commit: 423d836d0e2024f6d0c7adaea074982cfdf88a2f Parents: 37960b4 Author: Vishal Suvagia <vishalsuva...@yahoo.com> Authored: Thu May 4 18:31:12 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Thu May 4 19:43:00 2017 +0530 ---------------------------------------------------------------------- .../0.4.0/package/scripts/setup_ranger_xml.py | 119 ++++++++++--------- .../0.7.0/properties/ranger-solrconfig.xml.j2 | 9 +- .../stacks/HDP/2.6/services/stack_advisor.py | 4 +- 3 files changed, 65 insertions(+), 67 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/423d836d/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py index e56a705..26e6578 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py @@ -35,6 +35,7 @@ from resource_management.core.utils import PasswordString from resource_management.core.shell import as_sudo from resource_management.libraries.functions import solr_cloud_util from ambari_commons.constants import UPGRADE_TYPE_NON_ROLLING, UPGRADE_TYPE_ROLLING +from resource_management.core.exceptions import ExecutionFailed # This file contains functions used for setup/configure of Ranger Admin and Ranger Usersync. # The design is to mimic what is done by the setup.sh script bundled by Ranger component currently. @@ -684,70 +685,72 @@ def setup_ranger_audit_solr(): content=Template("ranger_solr_jaas_conf.j2"), owner=params.unix_user ) + try: + check_znode() + + if params.stack_supports_ranger_solr_configs: + Logger.info('Solr configrations supported,creating solr-configurations.') + File(format("{ranger_solr_conf}/solrconfig.xml"), + content=InlineTemplate(params.ranger_solr_config_content), + owner=params.unix_user, + group=params.unix_group, + mode=0644 + ) - check_znode() - - if params.stack_supports_ranger_solr_configs: - Logger.info('Solr configrations supported,creating solr-configurations.') - File(format("{ranger_solr_conf}/solrconfig.xml"), - content=InlineTemplate(params.ranger_solr_config_content), - owner=params.unix_user, - group=params.unix_group, - mode=0644 - ) - - solr_cloud_util.upload_configuration_to_zk( - zookeeper_quorum = params.zookeeper_quorum, - solr_znode = params.solr_znode, - config_set = params.ranger_solr_config_set, - config_set_dir = params.ranger_solr_conf, - tmp_dir = params.tmp_dir, - java64_home = params.java_home, - solrconfig_content = InlineTemplate(params.ranger_solr_config_content), - jaas_file=params.solr_jaas_file, - retry=30, interval=5 - ) + solr_cloud_util.upload_configuration_to_zk( + zookeeper_quorum = params.zookeeper_quorum, + solr_znode = params.solr_znode, + config_set = params.ranger_solr_config_set, + config_set_dir = params.ranger_solr_conf, + tmp_dir = params.tmp_dir, + java64_home = params.java_home, + solrconfig_content = InlineTemplate(params.ranger_solr_config_content), + jaas_file=params.solr_jaas_file, + retry=30, interval=5 + ) - else: - Logger.info('Solr configrations not supported, skipping solr-configurations.') - solr_cloud_util.upload_configuration_to_zk( + else: + Logger.info('Solr configrations not supported, skipping solr-configurations.') + solr_cloud_util.upload_configuration_to_zk( + zookeeper_quorum = params.zookeeper_quorum, + solr_znode = params.solr_znode, + config_set = params.ranger_solr_config_set, + config_set_dir = params.ranger_solr_conf, + tmp_dir = params.tmp_dir, + java64_home = params.java_home, + jaas_file=params.solr_jaas_file, + retry=30, interval=5) + + if params.security_enabled and params.has_infra_solr \ + and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos: + + solr_cloud_util.add_solr_roles(params.config, + roles = [params.infra_solr_role_ranger_admin, params.infra_solr_role_ranger_audit, params.infra_solr_role_dev], + new_service_principals = [params.ranger_admin_jaas_principal]) + service_default_principals_map = [('hdfs', 'nn'), ('hbase', 'hbase'), ('hive', 'hive'), ('kafka', 'kafka'), ('kms', 'rangerkms'), + ('knox', 'knox'), ('nifi', 'nifi'), ('storm', 'storm'), ('yanr', 'yarn')] + service_principals = get_ranger_plugin_principals(service_default_principals_map) + solr_cloud_util.add_solr_roles(params.config, + roles = [params.infra_solr_role_ranger_audit, params.infra_solr_role_dev], + new_service_principals = service_principals) + + + solr_cloud_util.create_collection( zookeeper_quorum = params.zookeeper_quorum, solr_znode = params.solr_znode, + collection = params.ranger_solr_collection_name, config_set = params.ranger_solr_config_set, - config_set_dir = params.ranger_solr_conf, - tmp_dir = params.tmp_dir, java64_home = params.java_home, - jaas_file=params.solr_jaas_file, - retry=30, interval=5) - - if params.security_enabled and params.has_infra_solr \ - and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos: - - solr_cloud_util.add_solr_roles(params.config, - roles = [params.infra_solr_role_ranger_admin, params.infra_solr_role_ranger_audit, params.infra_solr_role_dev], - new_service_principals = [params.ranger_admin_jaas_principal]) - service_default_principals_map = [('hdfs', 'nn'), ('hbase', 'hbase'), ('hive', 'hive'), ('kafka', 'kafka'), ('kms', 'rangerkms'), - ('knox', 'knox'), ('nifi', 'nifi'), ('storm', 'storm'), ('yanr', 'yarn')] - service_principals = get_ranger_plugin_principals(service_default_principals_map) - solr_cloud_util.add_solr_roles(params.config, - roles = [params.infra_solr_role_ranger_audit, params.infra_solr_role_dev], - new_service_principals = service_principals) - - - solr_cloud_util.create_collection( - zookeeper_quorum = params.zookeeper_quorum, - solr_znode = params.solr_znode, - collection = params.ranger_solr_collection_name, - config_set = params.ranger_solr_config_set, - java64_home = params.java_home, - shards = params.ranger_solr_shards, - replication_factor = int(params.replication_factor), - jaas_file = params.solr_jaas_file) - - if params.security_enabled and params.has_infra_solr \ - and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos: - secure_znode(format('{solr_znode}/configs/{ranger_solr_config_set}'), params.solr_jaas_file) - secure_znode(format('{solr_znode}/collections/{ranger_solr_collection_name}'), params.solr_jaas_file) + shards = params.ranger_solr_shards, + replication_factor = int(params.replication_factor), + jaas_file = params.solr_jaas_file) + + if params.security_enabled and params.has_infra_solr \ + and not params.is_external_solrCloud_enabled and params.stack_supports_ranger_kerberos: + secure_znode(format('{solr_znode}/configs/{ranger_solr_config_set}'), params.solr_jaas_file) + secure_znode(format('{solr_znode}/collections/{ranger_solr_collection_name}'), params.solr_jaas_file) + except ExecutionFailed as execution_exception: + Logger.error('Error when configuring Solr for Ranger, Kindly check Solr/Zookeeper services to be up and running:\n {0}'.format(execution_exception)) def setup_ranger_admin_passwd_change(): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/423d836d/ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 index 34ce70d..25dbb7a 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 +++ b/ambari-server/src/main/resources/common-services/RANGER/0.7.0/properties/ranger-solrconfig.xml.j2 @@ -35,7 +35,7 @@ that you fully re-index after changing this setting as it can affect both how text is indexed and queried. --> - <luceneMatchVersion>5.0.0</luceneMatchVersion> + <luceneMatchVersion>5.2.0</luceneMatchVersion> <!-- <lib/> directives can be used to instruct Solr to load any Jars identified and use them to resolve any "plugins" specified in @@ -1055,13 +1055,6 @@ class="solr.DocumentAnalysisRequestHandler" startup="lazy" /> - <!-- Admin Handlers - - Admin Handlers - This will register all the standard admin - RequestHandlers. - --> - <requestHandler name="/admin/" - class="solr.admin.AdminHandlers" /> <!-- This single handler is equivalent to the following... --> <!-- <requestHandler name="/admin/luke" class="solr.admin.LukeRequestHandler" /> http://git-wip-us.apache.org/repos/asf/ambari/blob/423d836d/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py index da3c98f..488562b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.6/services/stack_advisor.py @@ -465,8 +465,10 @@ class HDP26StackAdvisor(HDP25StackAdvisor): and ranger_usersync_properties['ranger.usersync.ldap.deltasync'].lower() == 'true' group_sync_enabled = 'ranger.usersync.group.searchenabled' in ranger_usersync_properties \ and ranger_usersync_properties['ranger.usersync.group.searchenabled'].lower() == 'true' + usersync_source_ldap_enabled = 'ranger.usersync.source.impl.class' in ranger_usersync_properties \ + and ranger_usersync_properties['ranger.usersync.source.impl.class'] == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder' - if delta_sync_enabled and not group_sync_enabled: + if usersync_source_ldap_enabled and delta_sync_enabled and not group_sync_enabled: validationItems.append({"config-name": "ranger.usersync.group.searchenabled", "item": self.getWarnItem( "Need to set ranger.usersync.group.searchenabled as true, as ranger.usersync.ldap.deltasync is enabled")})