AMBARI-21058 HDP 3.0 - Changing common service version for Ranger & Ranger Kms (mugdha)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3dc51b0c Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3dc51b0c Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3dc51b0c Branch: refs/heads/trunk Commit: 3dc51b0c93bf13089dddd0f0f937b44d84f5017a Parents: 19d4200 Author: Mugdha Varadkar <mug...@apache.org> Authored: Tue Jun 27 15:52:53 2017 +0530 Committer: Mugdha Varadkar <mug...@apache.org> Committed: Thu Jul 6 09:48:45 2017 +0530 ---------------------------------------------------------------------- .../HDFS/3.0.0.3.0/service_advisor.py | 53 + .../RANGER/0.7.0.3.0/alerts.json | 76 - .../0.7.0.3.0/configuration/admin-log4j.xml | 132 -- .../configuration/admin-properties.xml | 163 -- .../configuration/atlas-tagsync-ssl.xml | 72 - .../configuration/ranger-admin-site.xml | 785 -------- .../0.7.0.3.0/configuration/ranger-env.xml | 513 ----- .../0.7.0.3.0/configuration/ranger-site.xml | 30 - .../configuration/ranger-solr-configuration.xml | 59 - .../ranger-tagsync-policymgr-ssl.xml | 72 - .../configuration/ranger-tagsync-site.xml | 206 -- .../configuration/ranger-ugsync-site.xml | 577 ------ .../tagsync-application-properties.xml | 62 - .../0.7.0.3.0/configuration/tagsync-log4j.xml | 90 - .../0.7.0.3.0/configuration/usersync-log4j.xml | 89 - .../configuration/usersync-properties.xml | 32 - .../RANGER/0.7.0.3.0/kerberos.json | 153 -- .../RANGER/0.7.0.3.0/metainfo.xml | 189 -- .../alerts/alert_ranger_admin_passwd_check.py | 195 -- .../RANGER/0.7.0.3.0/package/scripts/params.py | 448 ----- .../0.7.0.3.0/package/scripts/ranger_admin.py | 217 -- .../0.7.0.3.0/package/scripts/ranger_service.py | 69 - .../0.7.0.3.0/package/scripts/ranger_tagsync.py | 139 -- .../package/scripts/ranger_usersync.py | 124 -- .../0.7.0.3.0/package/scripts/service_check.py | 49 - .../0.7.0.3.0/package/scripts/setup_ranger.py | 153 -- .../package/scripts/setup_ranger_xml.py | 853 -------- .../0.7.0.3.0/package/scripts/status_params.py | 39 - .../RANGER/0.7.0.3.0/package/scripts/upgrade.py | 31 - .../templates/input.config-ranger.json.j2 | 79 - .../package/templates/ranger_admin_pam.j2 | 22 - .../package/templates/ranger_remote_pam.j2 | 22 - .../package/templates/ranger_solr_jaas_conf.j2 | 26 - .../properties/ranger-solrconfig.xml.j2 | 1874 ------------------ .../RANGER/0.7.0.3.0/quicklinks/quicklinks.json | 41 - .../RANGER/0.7.0.3.0/role_command_order.json | 9 - .../RANGER/0.7.0.3.0/service_advisor.py | 793 -------- .../0.7.0.3.0/themes/theme_version_1.json | 722 ------- .../0.7.0.3.0/themes/theme_version_2.json | 1470 -------------- .../0.7.0.3.0/themes/theme_version_3.json | 692 ------- .../0.7.0.3.0/themes/theme_version_5.json | 48 - .../RANGER/1.0.0.3.0/alerts.json | 76 + .../1.0.0.3.0/configuration/admin-log4j.xml | 132 ++ .../configuration/admin-properties.xml | 161 ++ .../configuration/atlas-tagsync-ssl.xml | 72 + .../configuration/ranger-admin-site.xml | 751 +++++++ .../1.0.0.3.0/configuration/ranger-env.xml | 503 +++++ .../configuration/ranger-solr-configuration.xml | 59 + .../ranger-tagsync-policymgr-ssl.xml | 72 + .../configuration/ranger-tagsync-site.xml | 201 ++ .../configuration/ranger-ugsync-site.xml | 571 ++++++ .../tagsync-application-properties.xml | 62 + .../1.0.0.3.0/configuration/tagsync-log4j.xml | 90 + .../1.0.0.3.0/configuration/usersync-log4j.xml | 89 + .../RANGER/1.0.0.3.0/kerberos.json | 153 ++ .../RANGER/1.0.0.3.0/metainfo.xml | 177 ++ .../alerts/alert_ranger_admin_passwd_check.py | 195 ++ .../RANGER/1.0.0.3.0/package/scripts/params.py | 449 +++++ .../1.0.0.3.0/package/scripts/ranger_admin.py | 210 ++ .../1.0.0.3.0/package/scripts/ranger_service.py | 69 + .../1.0.0.3.0/package/scripts/ranger_tagsync.py | 139 ++ .../package/scripts/ranger_usersync.py | 120 ++ .../1.0.0.3.0/package/scripts/service_check.py | 49 + .../package/scripts/setup_ranger_xml.py | 853 ++++++++ .../1.0.0.3.0/package/scripts/status_params.py | 39 + .../RANGER/1.0.0.3.0/package/scripts/upgrade.py | 31 + .../templates/input.config-ranger.json.j2 | 79 + .../package/templates/ranger_admin_pam.j2 | 22 + .../package/templates/ranger_remote_pam.j2 | 22 + .../package/templates/ranger_solr_jaas_conf.j2 | 26 + .../properties/ranger-solrconfig.xml.j2 | 1874 ++++++++++++++++++ .../RANGER/1.0.0.3.0/quicklinks/quicklinks.json | 41 + .../RANGER/1.0.0.3.0/role_command_order.json | 9 + .../RANGER/1.0.0.3.0/service_advisor.py | 774 ++++++++ .../1.0.0.3.0/themes/theme_version_1.json | 1821 +++++++++++++++++ .../RANGER_KMS/0.5.0.3.0/alerts.json | 32 - .../0.5.0.3.0/configuration/dbks-site.xml | 206 -- .../0.5.0.3.0/configuration/kms-env.xml | 116 -- .../0.5.0.3.0/configuration/kms-log4j.xml | 120 -- .../0.5.0.3.0/configuration/kms-properties.xml | 166 -- .../0.5.0.3.0/configuration/kms-site.xml | 133 -- .../configuration/ranger-kms-audit.xml | 124 -- .../configuration/ranger-kms-policymgr-ssl.xml | 68 - .../configuration/ranger-kms-security.xml | 64 - .../0.5.0.3.0/configuration/ranger-kms-site.xml | 104 - .../RANGER_KMS/0.5.0.3.0/kerberos.json | 84 - .../RANGER_KMS/0.5.0.3.0/metainfo.xml | 115 -- .../RANGER_KMS/0.5.0.3.0/package/scripts/kms.py | 677 ------- .../0.5.0.3.0/package/scripts/kms_server.py | 117 -- .../0.5.0.3.0/package/scripts/kms_service.py | 58 - .../0.5.0.3.0/package/scripts/params.py | 331 ---- .../0.5.0.3.0/package/scripts/service_check.py | 41 - .../0.5.0.3.0/package/scripts/status_params.py | 36 - .../0.5.0.3.0/package/scripts/upgrade.py | 30 - .../templates/input.config-ranger-kms.json.j2 | 48 - .../0.5.0.3.0/role_command_order.json | 7 - .../RANGER_KMS/0.5.0.3.0/service_advisor.py | 281 --- .../0.5.0.3.0/themes/theme_version_1.json | 303 --- .../0.5.0.3.0/themes/theme_version_2.json | 124 -- .../RANGER_KMS/1.0.0.3.0/alerts.json | 32 + .../1.0.0.3.0/configuration/dbks-site.xml | 206 ++ .../1.0.0.3.0/configuration/kms-env.xml | 115 ++ .../1.0.0.3.0/configuration/kms-log4j.xml | 120 ++ .../1.0.0.3.0/configuration/kms-properties.xml | 166 ++ .../1.0.0.3.0/configuration/kms-site.xml | 133 ++ .../configuration/ranger-kms-audit.xml | 118 ++ .../configuration/ranger-kms-policymgr-ssl.xml | 68 + .../configuration/ranger-kms-security.xml | 64 + .../1.0.0.3.0/configuration/ranger-kms-site.xml | 110 + .../RANGER_KMS/1.0.0.3.0/kerberos.json | 84 + .../RANGER_KMS/1.0.0.3.0/metainfo.xml | 111 ++ .../RANGER_KMS/1.0.0.3.0/package/scripts/kms.py | 675 +++++++ .../1.0.0.3.0/package/scripts/kms_server.py | 117 ++ .../1.0.0.3.0/package/scripts/kms_service.py | 58 + .../1.0.0.3.0/package/scripts/params.py | 331 ++++ .../1.0.0.3.0/package/scripts/service_check.py | 41 + .../1.0.0.3.0/package/scripts/status_params.py | 36 + .../1.0.0.3.0/package/scripts/upgrade.py | 30 + .../templates/input.config-ranger-kms.json.j2 | 48 + .../1.0.0.3.0/role_command_order.json | 7 + .../RANGER_KMS/1.0.0.3.0/service_advisor.py | 358 ++++ .../1.0.0.3.0/themes/theme_version_1.json | 409 ++++ .../stacks/HDP/3.0/services/RANGER/metainfo.xml | 4 +- .../HDP/3.0/services/RANGER_KMS/metainfo.xml | 4 +- 124 files changed, 13485 insertions(+), 14804 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py index 356ad59..e135275 100644 --- a/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py +++ b/ambari-server/src/main/resources/common-services/HDFS/3.0.0.3.0/service_advisor.py @@ -138,6 +138,7 @@ class HDFSServiceAdvisor(service_advisor.ServiceAdvisor): # Due to the existing stack inheritance, make it clear where each calculation came from. recommender = HDFSRecommender() recommender.recommendConfigurationsFromHDP206(configurations, clusterData, services, hosts) + recommender.recommendConfigurationsFromHDP22(configurations, clusterData, services, hosts) recommender.recommendConfigurationsFromHDP23(configurations, clusterData, services, hosts) recommender.recommendConfigurationsFromHDP26(configurations, clusterData, services, hosts) @@ -253,6 +254,58 @@ class HDFSRecommender(service_advisor.ServiceAdvisor): # recommendations for "hadoop.proxyuser.*.hosts", "hadoop.proxyuser.*.groups" properties in core-site self.recommendHadoopProxyUsers(configurations, services, hosts) + def recommendConfigurationsFromHDP22(self, configurations, clusterData, services, hosts): + """ + Recommend configurations for this service based on HDP 2.2 + """ + putHdfsSiteProperty = self.putProperty(configurations, "hdfs-site", services) + putCoreSiteProperty = self.putProperty(configurations, "core-site", services) + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] + + keyserverHostsString = None + keyserverPortString = None + if "hadoop-env" in services["configurations"] and "keyserver_host" in services["configurations"]["hadoop-env"]["properties"] and "keyserver_port" in services["configurations"]["hadoop-env"]["properties"]: + keyserverHostsString = services["configurations"]["hadoop-env"]["properties"]["keyserver_host"] + keyserverPortString = services["configurations"]["hadoop-env"]["properties"]["keyserver_port"] + + # Irrespective of what hadoop-env has, if Ranger-KMS is installed, we use its values. + rangerKMSServerHosts = self.getHostsWithComponent("RANGER_KMS", "RANGER_KMS_SERVER", services, hosts) + if rangerKMSServerHosts is not None and len(rangerKMSServerHosts) > 0: + rangerKMSServerHostsArray = [] + for rangeKMSServerHost in rangerKMSServerHosts: + rangerKMSServerHostsArray.append(rangeKMSServerHost["Hosts"]["host_name"]) + keyserverHostsString = ";".join(rangerKMSServerHostsArray) + if "kms-env" in services["configurations"] and "kms_port" in services["configurations"]["kms-env"]["properties"]: + keyserverPortString = services["configurations"]["kms-env"]["properties"]["kms_port"] + + if keyserverHostsString is not None and len(keyserverHostsString.strip()) > 0: + urlScheme = "http" + if "ranger-kms-site" in services["configurations"] and \ + "ranger.service.https.attrib.ssl.enabled" in services["configurations"]["ranger-kms-site"]["properties"] and \ + services["configurations"]["ranger-kms-site"]["properties"]["ranger.service.https.attrib.ssl.enabled"].lower() == "true": + urlScheme = "https" + + if keyserverPortString is None or len(keyserverPortString.strip()) < 1: + keyserverPortString = ":9292" + else: + keyserverPortString = ":" + keyserverPortString.strip() + + kmsPath = "kms://" + urlScheme + "@" + keyserverHostsString.strip() + keyserverPortString + "/kms" + putCoreSiteProperty("hadoop.security.key.provider.path", kmsPath) + putHdfsSiteProperty("dfs.encryption.key.provider.uri", kmsPath) + + putHdfsSitePropertyAttribute = self.putPropertyAttribute(configurations, "hdfs-site") + putCoreSitePropertyAttribute = self.putPropertyAttribute(configurations, "core-site") + if not "RANGER_KMS" in servicesList: + putCoreSitePropertyAttribute('hadoop.security.key.provider.path','delete','true') + putHdfsSitePropertyAttribute('dfs.encryption.key.provider.uri','delete','true') + + if "ranger-env" in services["configurations"] and "ranger-hdfs-plugin-properties" in services["configurations"] and \ + "ranger-hdfs-plugin-enabled" in services["configurations"]["ranger-env"]["properties"]: + putHdfsRangerPluginProperty = self.putProperty(configurations, "ranger-hdfs-plugin-properties", services) + rangerEnvHdfsPluginProperty = services["configurations"]["ranger-env"]["properties"]["ranger-hdfs-plugin-enabled"] + putHdfsRangerPluginProperty("ranger-hdfs-plugin-enabled", rangerEnvHdfsPluginProperty) + def recommendConfigurationsFromHDP23(self, configurations, clusterData, services, hosts): """ Recommend configurations for this service based on HDP 2.3. http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json deleted file mode 100644 index ab473a8..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/alerts.json +++ /dev/null @@ -1,76 +0,0 @@ -{ - "RANGER": { - "service": [], - "RANGER_ADMIN": [ - { - "name": "ranger_admin_process", - "label": "Ranger Admin Process", - "description": "This host-level alert is triggered if the Ranger Admin Web UI is unreachable.", - "interval": 1, - "scope": "ANY", - "source": { - "type": "WEB", - "uri": { - "http": "{{admin-properties/policymgr_external_url}}/login.jsp", - "https": "{{admin-properties/policymgr_external_url}}/login.jsp", - "kerberos_keytab": "{{cluster-env/smokeuser_keytab}}", - "kerberos_principal": "{{cluster-env/smokeuser_principal_name}}", - "https_property": "{{ranger-admin-site/ranger.service.https.attrib.ssl.enabled}}", - "https_property_value": "true", - "connection_timeout": 5.0 - }, - "reporting": { - "ok": { - "text": "HTTP {0} response in {2:.3f}s" - }, - "warning": { - "text": "HTTP {0} response from {1} in {2:.3f}s ({3})" - }, - "critical": { - "text": "Connection failed to {1} ({3})" - } - } - } - }, - { - "name": "ranger_admin_password_check", - "label": "Ranger Admin password check", - "description": "This alert is used to ensure that the Ranger Admin password in Ambari is correct.", - "interval": 30, - "scope": "ANY", - "source": { - "type": "SCRIPT", - "path": "RANGER/0.4.0/package/alerts/alert_ranger_admin_passwd_check.py", - "parameters": [] - } - } - ], - "RANGER_USERSYNC": [ - { - "name": "ranger_usersync_process", - "label": "Ranger Usersync Process", - "description": "This host-level alert is triggered if the Ranger Usersync cannot be determined to be up.", - "interval": 1, - "scope": "HOST", - "source": { - "type": "PORT", - "uri": "{{ranger-ugsync-site/ranger.usersync.port}}", - "default_port": 5151, - "reporting": { - "ok": { - "text": "TCP OK - {0:.3f}s response on port {1}" - }, - "warning": { - "text": "TCP OK - {0:.3f}s response on port {1}", - "value": 1.5 - }, - "critical": { - "text": "Connection failed: {0} to {1}:{2}", - "value": 5.0 - } - } - } - } - ] - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml deleted file mode 100644 index fbbfac7..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-log4j.xml +++ /dev/null @@ -1,132 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration supports_adding_forbidden="false"> - <property> - <name>ranger_xa_log_maxfilesize</name> - <value>256</value> - <description>The maximum size of backup file before the log is rotated</description> - <display-name>Ranger Log: backup file size</display-name> - <value-attributes> - <unit>MB</unit> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_xa_log_maxbackupindex</name> - <value>20</value> - <description>The number of backup files</description> - <display-name>Ranger Log: # of backup files</display-name> - <value-attributes> - <type>int</type> - <minimum>0</minimum> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>content</name> - <display-name>admin-log4j template</display-name> - <description>admin-log4j.properties</description> - <value> -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - - -log4j.rootLogger = warn,xa_log_appender - - -# xa_logger -log4j.appender.xa_log_appender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.xa_log_appender.file=${logdir}/xa_portal.log -log4j.appender.xa_log_appender.datePattern='.'yyyy-MM-dd -log4j.appender.xa_log_appender.append=true -log4j.appender.xa_log_appender.layout=org.apache.log4j.PatternLayout -log4j.appender.xa_log_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n -log4j.appender.xa_log_appender.MaxFileSize={{ranger_xa_log_maxfilesize}}MB -log4j.appender.xa_log_appender.MaxBackupIndex={{ranger_xa_log_maxbackupindex}} - -# xa_log_appender : category and additivity -log4j.category.org.springframework=warn,xa_log_appender -log4j.additivity.org.springframework=false - -log4j.category.org.apache.ranger=info,xa_log_appender -log4j.additivity.org.apache.ranger=false - -log4j.category.xa=info,xa_log_appender -log4j.additivity.xa=false - -# perf_logger -log4j.appender.perf_appender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.perf_appender.file=${logdir}/ranger_admin_perf.log -log4j.appender.perf_appender.datePattern='.'yyyy-MM-dd -log4j.appender.perf_appender.append=true -log4j.appender.perf_appender.layout=org.apache.log4j.PatternLayout -log4j.appender.perf_appender.layout.ConversionPattern=%d [%t] %m%n - - -# sql_appender -log4j.appender.sql_appender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.sql_appender.file=${logdir}/xa_portal_sql.log -log4j.appender.sql_appender.datePattern='.'yyyy-MM-dd -log4j.appender.sql_appender.append=true -log4j.appender.sql_appender.layout=org.apache.log4j.PatternLayout -log4j.appender.sql_appender.layout.ConversionPattern=%d [%t] %-5p %C{6} (%F:%L) - %m%n - -# sql_appender : category and additivity -log4j.category.org.hibernate.SQL=warn,sql_appender -log4j.additivity.org.hibernate.SQL=false - -log4j.category.jdbc.sqlonly=fatal,sql_appender -log4j.additivity.jdbc.sqlonly=false - -log4j.category.jdbc.sqltiming=warn,sql_appender -log4j.additivity.jdbc.sqltiming=false - -log4j.category.jdbc.audit=fatal,sql_appender -log4j.additivity.jdbc.audit=false - -log4j.category.jdbc.resultset=fatal,sql_appender -log4j.additivity.jdbc.resultset=false - -log4j.category.jdbc.connection=fatal,sql_appender -log4j.additivity.jdbc.connection=false - </value> - <value-attributes> - <type>content</type> - <show-property-name>false</show-property-name> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml deleted file mode 100644 index 1d73087..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/admin-properties.xml +++ /dev/null @@ -1,163 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration supports_final="false"> - - - <property> - <name>SQL_CONNECTOR_JAR</name> - <value>{{driver_curl_target}}</value> - <display-name>Location of Sql Connector Jar</display-name> - <description>Location of DB client library (please check the location of the jar file)</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>admin-properties</type> - <name>DB_FLAVOR</name> - </property> - </depends-on> - <on-ambari-upgrade add="false" update="false"/> - </property> - <property> - <name>db_root_user</name> - <value>root</value> - <display-name>Database Administrator (DBA) username</display-name> - <description>Database admin user. This user should have DBA permission to create the Ranger Database and Ranger Database User</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property require-input="true"> - <name>db_root_password</name> - <value/> - <property-type>PASSWORD</property-type> - <display-name>Database Administrator (DBA) password</display-name> - <description>Database password for the database admin username</description> - <value-attributes> - <type>password</type> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>db_host</name> - <value/> - <display-name>Ranger DB host</display-name> - <description>Database host</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>db_name</name> - <value>ranger</value> - <display-name>Ranger DB name</display-name> - <description>Database name</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>db_user</name> - <value>rangeradmin</value> - <display-name>Ranger DB username</display-name> - <description>Database username used for the Ranger schema</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property require-input="true"> - <name>db_password</name> - <value/> - <property-type>PASSWORD</property-type> - <display-name>Ranger DB password</display-name> - <description>Database password for the Ranger schema</description> - <value-attributes> - <type>password</type> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>DB_FLAVOR</name> - <value>MYSQL</value> - <display-name>DB FLAVOR</display-name> - <description>The database type to be used (mysql/oracle)</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>MYSQL</value> - <label>MYSQL</label> - </entry> - <entry> - <value>ORACLE</value> - <label>ORACLE</label> - </entry> - <entry> - <value>POSTGRES</value> - <label>POSTGRES</label> - </entry> - <entry> - <value>MSSQL</value> - <label>MSSQL</label> - </entry> - <entry> - <value>SQLA</value> - <label>SQL Anywhere</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>policymgr_external_url</name> - <value/> - <display-name>External URL</display-name> - <description>Policy Manager external url eg: http://RANGER_HOST:6080</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>ranger-admin-site</type> - <name>ranger.service.http.enabled</name> - </property> - <property> - <type>ranger-admin-site</type> - <name>ranger.service.http.port</name> - </property> - <property> - <type>ranger-admin-site</type> - <name>ranger.service.https.port</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml deleted file mode 100644 index d43c010..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/atlas-tagsync-ssl.xml +++ /dev/null @@ -1,72 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <property> - <name>xasecure.policymgr.clientssl.keystore</name> - <value>/etc/security/serverKeys/atlas-tagsync-keystore.jks</value> - <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>xasecure.policymgr.clientssl.keystore.password</name> - <value>myKeyFilePassword</value> - <property-type>PASSWORD</property-type> - <description>password for keystore</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>xasecure.policymgr.clientssl.truststore</name> - <value>/etc/security/serverKeys/atlas-tagsync-mytruststore.jks</value> - <description>java truststore file</description> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>xasecure.policymgr.clientssl.truststore.password</name> - <value>changeit</value> - <property-type>PASSWORD</property-type> - <description>java truststore password</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>xasecure.policymgr.clientssl.keystore.credential.file</name> - <value>jceks://file{{atlas_tagsync_credential_file}}</value> - <description>java keystore credential file</description> - <on-ambari-upgrade add="false" /> - </property> - - <property> - <name>xasecure.policymgr.clientssl.truststore.credential.file</name> - <value>jceks://file{{atlas_tagsync_credential_file}}</value> - <description>java truststore credential file</description> - <on-ambari-upgrade add="false" /> - </property> - -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml deleted file mode 100644 index a9153f8..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-admin-site.xml +++ /dev/null @@ -1,785 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<configuration supports_final="true"> - <property> - <name>ranger.service.host</name> - <value>{{ranger_host}}</value> - <description>Host where ranger service to be installed</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.service.http.enabled</name> - <value>true</value> - <display-name>HTTP enabled</display-name> - <description>Enable HTTP</description> - <value-attributes> - <overridable>false</overridable> - <type>boolean</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.service.http.port</name> - <value>6080</value> - <description>HTTP port</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.service.https.port</name> - <value>6182</value> - <description>HTTPS port (if SSL is enabled)</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.service.https.attrib.ssl.enabled</name> - <value>false</value> - <description>true/false, set to true if using SSL</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.service.https.attrib.clientAuth</name> - <value>want</value> - <description>Needs to be set to want for two way SSL</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.service.https.attrib.keystore.keyalias</name> - <value>rangeradmin</value> - <description>Alias for Ranger Admin key in keystore</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.service.https.attrib.keystore.pass</name> - <value>xasecure</value> - <property-type>PASSWORD</property-type> - <description>Password for keystore</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.https.attrib.keystore.file</name> - <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value> - <description>Ranger admin keystore (specify full path)</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.externalurl</name> - <value>{{ranger_external_url}}</value> - <display-name>External URL</display-name> - <description>URL to be used by clients to access ranger admin</description> - <value-attributes> - <visible>false</visible> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.jpa.jdbc.driver</name> - <value>com.mysql.jdbc.Driver</value> - <display-name>Driver class name for a JDBC Ranger database</display-name> - <description>JDBC driver class name. Example: For MySQL / MariaDB: com.mysql.jdbc.Driver, For Oracle: oracle.jdbc.OracleDriver</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>admin-properties</type> - <name>DB_FLAVOR</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.jpa.jdbc.url</name> - <value>jdbc:mysql://localhost</value> - <display-name>JDBC connect string for a Ranger database</display-name> - <description>JDBC connect string</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>admin-properties</type> - <name>DB_FLAVOR</name> - </property> - <property> - <type>admin-properties</type> - <name>db_host</name> - </property> - <property> - <type>admin-properties</type> - <name>db_name</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.jpa.jdbc.user</name> - <value>{{ranger_db_user}}</value> - <description>JDBC user</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.jpa.jdbc.password</name> - <value>_</value> - <property-type>PASSWORD</property-type> - <description>JDBC password</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.jpa.jdbc.credential.alias</name> - <value>rangeradmin</value> - <description>Alias name for storing JDBC password</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.credential.provider.path</name> - <value>/etc/ranger/admin/rangeradmin.jceks</value> - <description>File for credential store, provide full file path</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.audit.source.type</name> - <value>solr</value> - <description>db or solr, based on the audit destination used</description> - <depends-on> - <property> - <type>ranger-env</type> - <name>xasecure.audit.destination.solr</name> - </property> - <property> - <type>ranger-env</type> - <name>xasecure.audit.destination.db</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.audit.solr.urls</name> - <value/> - <description>Solr url for audit. Example: http://solr_host:6083/solr/ranger_audits</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.authentication.method</name> - <value>UNIX</value> - <display-name>Authentication method</display-name> - <description>Ranger admin Authentication - UNIX/PAM/LDAP/AD/NONE</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>ranger-ugsync-site</type> - <name>ranger.usersync.source.impl.class</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.url</name> - <display-name>âLDAP URL</display-name> - <value>{{ranger_ug_ldap_url}}</value> - <description>LDAP Server URL, only used if Authentication method is LDAP</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.user.dnpattern</name> - <value>uid={0},ou=users,dc=xasecure,dc=net</value> - <description>LDAP user DN, only used if Authentication method is LDAP</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.group.searchbase</name> - <display-name>Group Search Base</display-name> - <value>{{ranger_ug_ldap_group_searchbase}}</value> - <description>LDAP group searchbase, only used if Authentication method is LDAP</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.group.searchfilter</name> - <display-name>Group Search Filter</display-name> - <value>{{ranger_ug_ldap_group_searchfilter}}</value> - <description>LDAP group search filter, only used if Authentication method is LDAP</description> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>ranger.ldap.group.roleattribute</name> - <value>cn</value> - <description>LDAP group role attribute, only used if Authentication method is LDAP</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.base.dn</name> - <value>dc=example,dc=com</value> - <description>The Distinguished Name (DN) of the starting point for directory server searches.</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.bind.dn</name> - <display-name>Bind User</display-name> - <value>{{ranger_ug_ldap_bind_dn}}</value> - <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.bind.password</name> - <display-name>âBind User Password</display-name> - <value>{{ranger_usersync_ldap_ldapbindpassword}}</value> - <property-type>PASSWORD</property-type> - <description>Password for the account that can search for users</description> - <value-attributes> - <type>password</type> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.referral</name> - <value>ignore</value> - <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.ad.domain</name> - <display-name>Domain Name (Only for AD)</display-name> - <value/> - <description>AD domain, only used if Authentication method is AD</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.ad.url</name> - <value>{{ranger_ug_ldap_url}}</value> - <description>AD URL, only used if Authentication method is AD</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.ad.base.dn</name> - <value>dc=example,dc=com</value> - <description>The Distinguished Name (DN) of the starting point for directory server searches.</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.ad.bind.dn</name> - <value>{{ranger_ug_ldap_bind_dn}}</value> - <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users.</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.ad.bind.password</name> - <value>{{ranger_usersync_ldap_ldapbindpassword}}</value> - <property-type>PASSWORD</property-type> - <description>Password for the account that can search for users</description> - <value-attributes> - <type>password</type> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>ranger.ldap.ad.referral</name> - <value>ignore</value> - <description>Set to follow if multiple LDAP servers are configured to return continuation references for results. Set to ignore (default) if no referrals should be followed. Possible values are follow|throw|ignore</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - - - - - <property> - <name>ranger.unixauth.remote.login.enabled</name> - <value>true</value> - <display-name>Allow remote Login</display-name> - <description>Remote login enabled? - only used if Authentication method is UNIX</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>Yes</label> - </entry> - <entry> - <value>false</value> - <label>No</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.unixauth.service.hostname</name> - <value>{{ugsync_host}}</value> - <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.unixauth.service.port</name> - <value>5151</value> - <description>Port for unix authentication service - only used if Authentication method is UNIX</description> - <value-attributes> - <type>int</type> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.jpa.jdbc.dialect</name> - <value>{{jdbc_dialect}}</value> - <description>JDBC dialect used for policy DB</description> - <on-ambari-upgrade add="false"/> - </property> - - - <property> - <name>ranger.audit.solr.username</name> - <value>ranger_solr</value> - <description>Solr username</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.audit.solr.password</name> - <value>NONE</value> - <property-type>PASSWORD</property-type> - <description>Solr password</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.sso.providerurl</name> - <value/> - <display-name>SSO provider url</display-name> - <description>Example: https://KNOX_HOST:KNOX_PORT/gateway/TOPOLOGY_NAME/knoxsso/api/v1/websso</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <depends-on> - <property> - <type>gateway-site</type> - <name>gateway.port</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.sso.publicKey</name> - <value/> - <display-name>SSO public key</display-name> - <description>Public key for SSO cookie verification</description> - <value-attributes> - <type>multiLine</type> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>ranger.sso.enabled</name> - <value>false</value> - <display-name>Enable Ranger SSO</display-name> - <description/> - <value-attributes> - <overridable>false</overridable> - <type>boolean</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>ranger.sso.browser.useragent</name> - <value>Mozilla,chrome</value> - <display-name>SSO browser useragent</display-name> - <description>Comma seperated browser agent</description> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.binddn.credential.alias</name> - <value>ranger.ldap.bind.password</value> - <description></description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.ldap.ad.binddn.credential.alias</name> - <value>ranger.ldap.ad.bind.password</value> - <description></description> - <on-ambari-upgrade add="false"/> - </property> - - - - - - - - - - - - <property> - <name>ranger.admin.kerberos.token.valid.seconds</name> - <value>30</value> - <description/> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.admin.kerberos.cookie.domain</name> - <value>{{ranger_host}}</value> - <description/> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.admin.kerberos.cookie.path</name> - <value>/</value> - <description/> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.spnego.kerberos.principal</name> - <value>*</value> - <description/> - <property-type>KERBEROS_PRINCIPAL</property-type> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.spnego.kerberos.keytab</name> - <value/> - <description/> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.admin.kerberos.principal</name> - <value/> - <description/> - <property-type>KERBEROS_PRINCIPAL</property-type> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.admin.kerberos.keytab</name> - <value/> - <description/> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.lookup.kerberos.principal</name> - <value/> - <description/> - <property-type>KERBEROS_PRINCIPAL</property-type> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.lookup.kerberos.keytab</name> - <value/> - <description/> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.truststore.file</name> - <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value> - <display-name>ranger.truststore.file</display-name> - <description>Ranger trust-store file-path</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.truststore.password</name> - <value>changeit</value> - <property-type>PASSWORD</property-type> - <value-attributes> - <type>password</type> - </value-attributes> - <display-name>ranger.truststore.password</display-name> - <description>Ranger trust-store password</description> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.audit.solr.zookeepers</name> - <value>NONE</value> - <description>Solr Zookeeper string</description> - <depends-on> - <property> - <type>infra-solr-env</type> - <name>infra_solr_znode</name> - </property> - <property> - <type>ranger-env</type> - <name>is_solrCloud_enabled</name> - </property> - <property> - <type>ranger-env</type> - <name>is_external_solrCloud_enabled</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - - - <property> - <name>ranger.ldap.ad.user.searchfilter</name> - <value>(sAMAccountName={0})</value> - <description>Search filter used for Bind Authentication</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.ldap.user.searchfilter</name> - <display-name>User Search Filter</display-name> - <value>(uid={0})</value> - <description>Search filter used for Bind Authentication</description> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.kms.service.user.hdfs</name> - <value/> - <description/> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <depends-on> - <property> - <type>hadoop-env</type> - <name>hdfs_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - <property> - <name>ranger.kms.service.user.hive</name> - <value/> - <description/> - <value-attributes> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <depends-on> - <property> - <type>hive-env</type> - <name>hive_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.plugins.hdfs.serviceuser</name> - <value>hdfs</value> - <depends-on> - <property> - <type>hadoop-env</type> - <name>hdfs_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.plugins.hive.serviceuser</name> - <value>hive</value> - <depends-on> - <property> - <type>hive-env</type> - <name>hive_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.plugins.hbase.serviceuser</name> - <value>hbase</value> - <depends-on> - <property> - <type>hbase-env</type> - <name>hbase_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.plugins.yarn.serviceuser</name> - <value>yarn</value> - <depends-on> - <property> - <type>yarn-env</type> - <name>yarn_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.plugins.knox.serviceuser</name> - <value>knox</value> - <depends-on> - <property> - <type>knox-env</type> - <name>knox_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.plugins.storm.serviceuser</name> - <value>storm</value> - <depends-on> - <property> - <type>storm-env</type> - <name>storm_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.plugins.kafka.serviceuser</name> - <value>kafka</value> - <depends-on> - <property> - <type>kafka-env</type> - <name>kafka_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.plugins.atlas.serviceuser</name> - <value>atlas</value> - <depends-on> - <property> - <type>atlas-env</type> - <name>metadata_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.plugins.kms.serviceuser</name> - <value>kms</value> - <depends-on> - <property> - <type>kms-env</type> - <name>kms_user</name> - </property> - </depends-on> - <on-ambari-upgrade add="true"/> - </property> - - <property> - <name>ranger.is.solr.kerberised</name> - <value>{{ranger_is_solr_kerberised}}</value> - <value-attributes> - <visible>false</visible> - </value-attributes> - <description/> - <on-ambari-upgrade add="true"/> - </property> - - - - <property> - <name>ranger.truststore.alias</name> - <value>trustStoreAlias</value> - <description></description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger.service.https.attrib.keystore.credential.alias</name> - <value>keyStoreCredentialAlias</value> - <description></description> - <on-ambari-upgrade add="false"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml deleted file mode 100644 index 3e25470..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-env.xml +++ /dev/null @@ -1,513 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration supports_final="true" supports_adding_forbidden="true"> - <property> - <name>ranger_user</name> - <value>ranger</value> - <property-type>USER</property-type> - <display-name>Ranger User</display-name> - <description>Ranger username</description> - <value-attributes> - <type>user</type> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_group</name> - <value>ranger</value> - <property-type>GROUP</property-type> - <display-name>Ranger Group</display-name> - <description>Ranger group</description> - <value-attributes> - <type>user</type> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_admin_log_dir</name> - <value>/var/log/ranger/admin</value> - <description/> - <value-attributes> - <type>directory</type> - <overridable>false</overridable> - <editable-only-at-install>true</editable-only-at-install> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_usersync_log_dir</name> - <value>/var/log/ranger/usersync</value> - <description/> - <value-attributes> - <type>directory</type> - <overridable>false</overridable> - <editable-only-at-install>true</editable-only-at-install> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_admin_username</name> - <value>amb_ranger_admin</value> - <property-type>TEXT</property-type> - <display-name>Ranger Admin username for Ambari</display-name> - <description>This is the ambari user created for creating repositories and policies in Ranger Admin for each plugin</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_admin_password</name> - <value/> - <property-type>PASSWORD</property-type> - <display-name>Ranger Admin user's password for Ambari</display-name> - <description>This is the ambari user password created for creating repositories and policies in Ranger Admin for each plugin</description> - <value-attributes> - <type>password</type> - <overridable>false</overridable> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>admin_username</name> - <value>admin</value> - <description>This is the username for default admin user that is used for creating ambari user in Ranger Admin</description> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>admin_password</name> - <value>admin</value> - <property-type>PASSWORD</property-type> - <description>This is the password for default admin user that is used for creating ambari user in Ranger Admin</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - - <property> - <name>ranger_pid_dir</name> - <value>/var/run/ranger</value> - <description/> - <value-attributes> - <type>directory</type> - <overridable>false</overridable> - <editable-only-at-install>true</editable-only-at-install> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger-hdfs-plugin-enabled</name> - <value>No</value> - <display-name>HDFS Ranger Plugin</display-name> - <description>Enable HDFS Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger-hive-plugin-enabled</name> - <value>No</value> - <display-name>Hive Ranger Plugin</display-name> - <description>Enable Hive Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger-hbase-plugin-enabled</name> - <value>No</value> - <display-name>Hbase Ranger Plugin</display-name> - <description>Enable HBase Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger-storm-plugin-enabled</name> - <value>No</value> - <display-name>Storm Ranger Plugin</display-name> - <description>Enable Storm Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger-knox-plugin-enabled</name> - <value>No</value> - <display-name>Knox Ranger Plugin</display-name> - <description>Enable Knox Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - - <property> - <name>xml_configurations_supported</name> - <value>true</value> - <description/> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>create_db_dbuser</name> - <value>true</value> - <display-name>Setup Database and Database User</display-name> - <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description> - <value-attributes> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>Yes</label> - </entry> - <entry> - <value>false</value> - <label>No</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>ranger_privelege_user_jdbc_url</name> - <display-name>JDBC connect string for root user</display-name> - <description>JDBC connect string - auto populated based on other values. This is to be used by root user</description> - <value>jdbc:mysql://localhost</value> - <value-attributes> - <overridable>false</overridable> - </value-attributes> - <depends-on> - <property> - <type>admin-properties</type> - <name>DB_FLAVOR</name> - </property> - <property> - <type>admin-properties</type> - <name>db_host</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger-yarn-plugin-enabled</name> - <value>No</value> - <display-name>YARN Ranger Plugin</display-name> - <description>Enable YARN Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger-kafka-plugin-enabled</name> - <value>No</value> - <display-name>Kafka Ranger Plugin</display-name> - <description>Enable Kafka Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.solr</name> - <value>true</value> - <display-name>Audit to Solr</display-name> - <description>Enable Audit to Solr for all ranger supported services. This property is overridable at service level</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>true</value> - <label>ON</label> - </entry> - <entry> - <value>false</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>is_solrCloud_enabled</name> - <display-name>SolrCloud</display-name> - <description>SolrCloud uses zookeeper for distributed search and indexing</description> - <value>false</value> - <value-attributes> - <type>value-list</type> - <overridable>false</overridable> - <entries> - <entry> - <value>true</value> - <label>ON</label> - </entry> - <entry> - <value>false</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - <empty-value-valid>true</empty-value-valid> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.hdfs</name> - <value>true</value> - <display-name>Audit to HDFS</display-name> - <description>Enable Audit to HDFS for all ranger supported services. This property is overridable at service level</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>true</value> - <label>ON</label> - </entry> - <entry> - <value>false</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>xasecure.audit.destination.hdfs.dir</name> - <value>hdfs://localhost:8020</value> - <display-name>Destination HDFS Directory</display-name> - <description>HDFS folder to write audit to, make sure all service user has required permissions. This property is overridable at service level</description> - <depends-on> - <property> - <type>core-site</type> - <name>fs.defaultFS</name> - </property> - </depends-on> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_solr_config_set</name> - <value>ranger_audits</value> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_solr_collection_name</name> - <value>ranger_audits</value> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_solr_shards</name> - <value>1</value> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_solr_replication_factor</name> - <value>1</value> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger-atlas-plugin-enabled</name> - <value>No</value> - <display-name>Atlas Ranger Plugin</display-name> - <description>Enable Atlas Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>is_external_solrCloud_enabled</name> - <display-name>External SolrCloud</display-name> - <value>false</value> - <description>Using Externally managed solr cloud ?</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>true</value> - <label>ON</label> - </entry> - <entry> - <value>false</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>is_external_solrCloud_kerberos</name> - <display-name>External SolrCloud kerberos</display-name> - <value>false</value> - <description>Is Externally managed solr cloud kerberos ?</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>true</value> - <label>ON</label> - </entry> - <entry> - <value>false</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>ranger-nifi-plugin-enabled</name> - <value>No</value> - <display-name>NIFI Ranger Plugin</display-name> - <description>Enable NIFI Ranger plugin</description> - <value-attributes> - <overridable>false</overridable> - <type>value-list</type> - <entries> - <entry> - <value>Yes</value> - <label>ON</label> - </entry> - <entry> - <value>No</value> - <label>OFF</label> - </entry> - </entries> - <selection-cardinality>1</selection-cardinality> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml deleted file mode 100644 index c70e222..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-site.xml +++ /dev/null @@ -1,30 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration supports_final="false"> - - - - - - - -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml deleted file mode 100644 index 550ce0d..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-solr-configuration.xml +++ /dev/null @@ -1,59 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<?xml-stylesheet type="text/xsl" href="configuration.xsl"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <property> - <name>ranger_audit_max_retention_days</name> - <display-name>Max Retention Days</display-name> - <description>Days to retain audit logs in Solr</description> - <value>90</value> - <value-attributes> - <type>int</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>ranger_audit_logs_merge_factor</name> - <display-name>Merge Factor</display-name> - <description> - The mergeFactor value tells Lucene how many segments of equal size to build before merging them into a - single segment. High value merge factor (e.g. 25) improves indexing speed, but slows down searching. Low value - (e.g. 5) improves searching, but slows down indexing. - </description> - <value>5</value> - <value-attributes> - <type>int</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - <property> - <name>content</name> - <display-name>solr-config template</display-name> - <description>the jinja template for solrconfig.xml file used for ranger audit logs</description> - <value/> - <property-type>VALUE_FROM_PROPERTY_FILE</property-type> - <value-attributes> - <property-file-name>ranger-solrconfig.xml.j2</property-file-name> - <property-file-type>xml</property-file-type> - </value-attributes> - <on-ambari-upgrade add="false" /> - </property> -</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml deleted file mode 100644 index a4c9441..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/configuration/ranger-tagsync-policymgr-ssl.xml +++ /dev/null @@ -1,72 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ ---> -<configuration> - <property> - <name>xasecure.policymgr.clientssl.keystore</name> - <value>/etc/security/serverKeys/ranger-tagsync-keystore.jks</value> - <description>Java Keystore files</description> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>xasecure.policymgr.clientssl.keystore.password</name> - <value>myKeyFilePassword</value> - <property-type>PASSWORD</property-type> - <description>password for keystore</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>xasecure.policymgr.clientssl.truststore</name> - <value>/etc/security/serverKeys/ranger-tagsync-mytruststore.jks</value> - <description>java truststore file</description> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>xasecure.policymgr.clientssl.truststore.password</name> - <value>changeit</value> - <property-type>PASSWORD</property-type> - <description>java truststore password</description> - <value-attributes> - <type>password</type> - </value-attributes> - <on-ambari-upgrade add="false"/> - </property> - - <property> - <name>xasecure.policymgr.clientssl.keystore.credential.file</name> - <value>jceks://file{{ranger_tagsync_credential_file}}</value> - <description>java keystore credential file</description> - <on-ambari-upgrade add="false" /> - </property> - - <property> - <name>xasecure.policymgr.clientssl.truststore.credential.file</name> - <value>jceks://file{{ranger_tagsync_credential_file}}</value> - <description>java truststore credential file</description> - <on-ambari-upgrade add="false" /> - </property> - -</configuration>