Repository: ranger Updated Branches: refs/heads/master f84ff8e0f -> c89b55591
RANGER-1369:There is invalid group error when install Solr for Ranger Audits Signed-off-by: zhangqiang2 <zhangqia...@zte.com.cn> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/c89b5559 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/c89b5559 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/c89b5559 Branch: refs/heads/master Commit: c89b555919126bb5501bfc1a80cd6813ca41c9d8 Parents: f84ff8e Author: zhangqiang2 <zhangqia...@zte.com.cn> Authored: Fri Apr 7 16:55:30 2017 +0800 Committer: zhangqiang2 <zhangqia...@zte.com.cn> Committed: Mon Apr 10 20:16:43 2017 +0800 ---------------------------------------------------------------------- .../solr_for_audit_setup/install.properties | 4 +- .../contrib/solr_for_audit_setup/setup.sh | 64 ++++++++++++-------- 2 files changed, 42 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/c89b5559/security-admin/contrib/solr_for_audit_setup/install.properties ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/install.properties b/security-admin/contrib/solr_for_audit_setup/install.properties index fc9955d..45f026e 100644 --- a/security-admin/contrib/solr_for_audit_setup/install.properties +++ b/security-admin/contrib/solr_for_audit_setup/install.properties @@ -23,9 +23,9 @@ #in the env, then please set it here #JAVA_HOME= -#The operating system (linux) user used by Solr process. You need to run Solr as the below user +#The operating system (linux) user used by Solr process. You need to run Solr as the below user and group SOLR_USER=solr - +SOLR_GROUP=solr #How long to keep the audit logs. Please note, audit records grows very rapidly. Make sure to #allocate enough memory and disk space to the server running Solr. MAX_AUDIT_RETENTION_DAYS=90 http://git-wip-us.apache.org/repos/asf/ranger/blob/c89b5559/security-admin/contrib/solr_for_audit_setup/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/contrib/solr_for_audit_setup/setup.sh b/security-admin/contrib/solr_for_audit_setup/setup.sh index 86834a7..5b6b781 100755 --- a/security-admin/contrib/solr_for_audit_setup/setup.sh +++ b/security-admin/contrib/solr_for_audit_setup/setup.sh @@ -38,6 +38,7 @@ SOLR_DEPLOYMENT=$(get_prop 'SOLR_DEPLOYMENT' $PROPFILE) SOLR_RANGER_DATA_FOLDER=$(get_prop 'SOLR_RANGER_DATA_FOLDER' $PROPFILE) SOLR_ZK=$(get_prop 'SOLR_ZK' $PROPFILE) SOLR_USER=$(get_prop 'SOLR_USER' $PROPFILE) +SOLR_GROUP=$(get_prop 'SOLR_GROUP' $PROPFILE) SOLR_RANGER_COLLECTION=$(get_prop 'SOLR_RANGER_COLLECTION' $PROPFILE) SOLR_INSTALL=$(get_prop 'SOLR_INSTALL' $PROPFILE) SOLR_DOWNLOAD_URL=$(get_prop 'SOLR_DOWNLOAD_URL' $PROPFILE) @@ -109,6 +110,10 @@ if [ "$SOLR_USER" = "" ]; then SOLR_USER=solr fi +if [ "$SOLR_GROUP" = "" ]; then + SOLR_GROUP=solr +fi + if [ "$SOLR_RANGER_COLLECTION" = "" ]; then SOLR_RANGER_COLLECTION=ranger_audits fi @@ -139,12 +144,12 @@ fi function run_root_usage { - echo "sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_INSTALL_FOLDER" + echo "sudo chown -R $SOLR_USER:$SOLR_GROUP $SOLR_INSTALL_FOLDER" echo "sudo mkdir -p $SOLR_RANGER_HOME" - echo "sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_RANGER_HOME" + echo "sudo chown -R $SOLR_USER:$SOLR_GROUP $SOLR_RANGER_HOME" if [ "$SOLR_LOG_FOLDER" != "logs" ]; then echo "sudo mkdir -p $SOLR_LOG_FOLDER" - echo "sudo chown -R $SOLR_USER:$SOLR_USER $SOLR_LOG_FOLDER" + echo "sudo chown -R $SOLR_USER:$SOLR_GROUP $SOLR_LOG_FOLDER" fi } @@ -170,15 +175,19 @@ function set_ownership { if [ $is_root -ne 1 ]; then if [ "$SOLR_USER" != "$curr_user" ]; then - echo "`date`|ERROR|You need to run this script as root or as user $SOLR_USER" - echo "If you need to run as $SOLR_USER, then first execute the following commands as root or sudo" - id $SOLR_USER &> /dev/null - if [ $? -ne 0 ]; then - echo "sudo groupadd $SOLR_USER" - echo "sudo useradd -g $SOLR_USER $SOLR_USER" - fi - run_root_usage - exit 1 + echo "`date`|ERROR|You need to run this script as root or as user $SOLR_USER" + echo "If you need to run as $SOLR_USER, then first execute the following commands as root or sudo" + egrep "^$SOLR_GROUP" /etc/group >& /dev/null + if [ $? -ne 0 ] + then + echo "sudo groupadd $SOLR_GROUP" + fi + id $SOLR_USER &> /dev/null + if [ $? -ne 0 ]; then + echo "sudo useradd -g $SOLR_GROUP $SOLR_USER" + fi + run_root_usage + exit 1 fi #Let's make $curr_user has permission to write to $SOLR_RANGER_HOME and also chown @@ -197,9 +206,9 @@ if [ $is_root -ne 1 ]; then exit 1 fi - chown $SOLR_USER:$SOLR_USER $test_file 2> /dev/null + chown $SOLR_USER:$SOLR_GROUP $test_file 2> /dev/null if [ $? -ne 0 ]; then - echo "`date`|ERROR|User $curr_user doesn't have permission chown to $SOLR_USER in $SOLR_RANGER_HOME" + echo "`date`|ERROR|User $curr_user doesn't have permission chown to $SOLR_USER:$SOLR_GROUP in $SOLR_RANGER_HOME" run_root_usage exit 1 fi @@ -342,27 +351,34 @@ sed -e "s#{{SOLR_LOG_FOLDER}}#$SOLR_LOG_FOLDER#g" $SOLR_RANGER_HOME/resources/l sed -e "s#{{JAVA_HOME}}#$JAVA_HOME#g" -e "s#{{SOLR_USER}}#$SOLR_USER#g" -e "s#{{SOLR_ZK}}#$SOLR_ZK#g" -e "s#{{SOLR_INSTALL_DIR}}#$SOLR_INSTALL_FOLDER#g" -e "s#{{SOLR_RANGER_HOME}}#$SOLR_RANGER_HOME#g" -e "s#{{SOLR_PORT}}#$SOLR_RANGER_PORT#g" $SOLR_RANGER_HOME/scripts/solr.sh.j2 > $SOLR_RANGER_HOME/scripts/solr.sh sed -e "s#{{SOLR_USER}}#$SOLR_USER#g" -e "s#{{SOLR_INSTALL_DIR}}#$SOLR_INSTALL_FOLDER#g" -e "s#{{SOLR_RANGER_HOME}}#$SOLR_RANGER_HOME#g" $SOLR_RANGER_HOME/scripts/start_solr.sh.j2 > $SOLR_RANGER_HOME/scripts/start_solr.sh -#Let's make all ownership is given to $SOLR_USER +#Let's make all ownership is given to $SOLR_USER:$SOLR_GROUP if [ $is_root -eq 1 ]; then - #Let's see if $SOLR_USER exists. + #Let's see if $SOLR_GROUP exists,create group if not exists. + egrep "^$SOLR_GROUP" /etc/group >& /dev/null + if [ $? -ne 0 ] + then + echo "`date`|INFO|Creating group $SOLR_GROUP" + groupadd ${SOLR_GROUP} + fi + + #Let's see if $SOLR_USER exists,create user if not exists id $SOLR_USER &> /dev/null if [ $? -ne 0 ]; then - echo "`date`|INFO|Creating user $SOLR_USER" - groupadd $SOLR_USER 2> /dev/null - useradd -g $SOLR_USER $SOLR_USER 2>/dev/null + echo "`date`|INFO|Creating user $SOLR_USER" + useradd -g $SOLR_GROUP $SOLR_USER 2>/dev/null fi - set_ownership $SOLR_USER $SOLR_USER $SOLR_INSTALL_FOLDER + set_ownership $SOLR_USER $SOLR_GROUP $SOLR_INSTALL_FOLDER mkdir -p $SOLR_RANGER_HOME - set_ownership $SOLR_USER $SOLR_USER $SOLR_RANGER_HOME + set_ownership $SOLR_USER $SOLR_GROUP $SOLR_RANGER_HOME mkdir -p $SOLR_LOG_FOLDER - set_ownership $SOLR_USER $SOLR_USER $SOLR_LOG_FOLDER + set_ownership $SOLR_USER $SOLR_GROUP $SOLR_LOG_FOLDER if [ "$SOLR_DEPLOYMENT" = "standalone" ]; then mkdir -p $SOLR_RANGER_DATA_FOLDER - set_ownership $SOLR_USER $SOLR_USER $SOLR_RANGER_DATA_FOLDER + set_ownership $SOLR_USER $SOLR_GROUP $SOLR_RANGER_DATA_FOLDER fi else - set_ownership $SOLR_USER $SOLR_USER $SOLR_RANGER_HOME + set_ownership $SOLR_USER $SOLR_GROUP $SOLR_RANGER_HOME fi chmod a+x $SOLR_RANGER_HOME/scripts/*.sh