This is an automated email from the ASF dual-hosted git repository. bpatel pushed a commit to branch ranger-2.3 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.3 by this push: new db99f63 RANGER-3632: accesslog RENAME_ON_ROTATE, del log4j remains db99f63 is described below commit db99f639017bc9bbd71a7c5772adc1545ca83ec0 Author: Kirby Zhou <kirbyz...@gmail.com> AuthorDate: Sun Feb 20 23:34:36 2022 +0800 RANGER-3632: accesslog RENAME_ON_ROTATE, del log4j remains --- .../scripts/ranger-admin-install.properties | 2 +- embeddedwebserver/scripts/ranger-admin-services.sh | 6 +- .../ranger/server/tomcat/EmbeddedServer.java | 12 +++- .../ranger/server/tomcat/EmbeddedServerUtil.java | 13 +++++ ranger-tools/scripts/README.txt | 2 +- security-admin/scripts/changepasswordutil.py | 2 +- security-admin/scripts/changeusernameutil.py | 2 +- security-admin/scripts/db_setup.py | 36 ++++++------ security-admin/scripts/install.properties | 2 +- security-admin/scripts/rolebasedusersearchutil.py | 4 +- security-admin/scripts/setup.sh | 12 ++-- .../scripts/updateUserAndGroupNamesInJson.py | 2 +- security-admin/src/bin/ranger_install.py | 4 +- .../WEB-INF => resources/conf.dist}/logback.xml | 0 .../conf.dist/ranger-admin-default-site.xml | 19 +++++- .../src/main/webapp/WEB-INF/db_patch.logback.xml | 68 ++++++++++++++++++++++ tagsync/scripts/setup.py | 4 +- unixauthservice/scripts/setup.py | 4 +- 18 files changed, 148 insertions(+), 46 deletions(-) diff --git a/dev-support/ranger-docker/scripts/ranger-admin-install.properties b/dev-support/ranger-docker/scripts/ranger-admin-install.properties index f4e623c..b9fefc5 100644 --- a/dev-support/ranger-docker/scripts/ranger-admin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-admin-install.properties @@ -22,7 +22,7 @@ RANGER_ADMIN_LOG_DIR=/var/log/ranger RANGER_PID_DIR_PATH=/var/run/ranger DB_FLAVOR=POSTGRES SQL_CONNECTOR_JAR=/usr/share/java/postgresql.jar -RANGER_ADMIN_LOG4J_CONF_FILE=/opt/ranger/admin/ews/webapp/WEB-INF/logback.xml +RANGER_ADMIN_LOGBACK_CONF_FILE=/opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/logback.xml db_root_user=postgres db_root_password=rangerR0cks! diff --git a/embeddedwebserver/scripts/ranger-admin-services.sh b/embeddedwebserver/scripts/ranger-admin-services.sh index 54ac410..6831dea 100755 --- a/embeddedwebserver/scripts/ranger-admin-services.sh +++ b/embeddedwebserver/scripts/ranger-admin-services.sh @@ -57,9 +57,9 @@ then RANGER_ADMIN_LOG_DIR=${XAPOLICYMGR_EWS_DIR}/logs fi -if [ -z "${RANGER_ADMIN_LOG4J_CONF_FILE}" ] +if [ -z "${RANGER_ADMIN_LOGBACK_CONF_FILE}" ] then - RANGER_ADMIN_LOG4J_CONF_FILE=${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/logback.xml + RANGER_ADMIN_LOGBACK_CONF_FILE=${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf/logback.xml fi if [ -z "${RANGER_PID_DIR_PATH}" ] @@ -91,7 +91,7 @@ fi SERVER_NAME=rangeradmin start() { SLEEP_TIME_AFTER_START=5 - nohup java -Dproc_rangeradmin ${JAVA_OPTS} -Dlogback.configurationFile=file:${RANGER_ADMIN_LOG4J_CONF_FILE} -Duser=${USER} -Dhostname=${HOSTNAME} ${DB_SSL_PARAM} -Dservername=${SERVER_NAME} -Dlogdir=${RANGER_ADMIN_LOG_DIR} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${JAVA_HOME}/lib/*:${RANGER_HADOOP_CONF_DIR}/*:$C [...] + nohup java -Dproc_rangeradmin ${JAVA_OPTS} -Dlogback.configurationFile=file:${RANGER_ADMIN_LOGBACK_CONF_FILE} -Duser=${USER} -Dhostname=${HOSTNAME} ${DB_SSL_PARAM} -Dservername=${SERVER_NAME} -Dlogdir=${RANGER_ADMIN_LOG_DIR} -Dcatalina.base=${XAPOLICYMGR_EWS_DIR} -cp "${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/classes/conf:${XAPOLICYMGR_EWS_DIR}/lib/*:${XAPOLICYMGR_EWS_DIR}/webapp/WEB-INF/lib/*:${RANGER_JAAS_LIB_DIR}/*:${RANGER_JAAS_CONF_DIR}:${JAVA_HOME}/lib/*:${RANGER_HADOOP_CONF_DIR}/*: [...] VALUE_OF_PID=$! echo "Starting Apache Ranger Admin Service" sleep $SLEEP_TIME_AFTER_START diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java index f5636e1..cae9075 100644 --- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java +++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java @@ -78,6 +78,9 @@ public class EmbeddedServer { private static final String ACCESS_LOG_PREFIX = "ranger.accesslog.prefix"; private static final String ACCESS_LOG_DATE_FORMAT = "ranger.accesslog.dateformat"; private static final String ACCESS_LOG_PATTERN = "ranger.accesslog.pattern"; + private static final String ACCESS_LOG_ROTATE_ENABLED = "ranger.accesslog.rotate.enabled"; + private static final String ACCESS_LOG_ROTATE_MAX_DAYS = "ranger.accesslog.rotate.max_days"; + private static final String ACCESS_LOG_ROTATE_RENAME_ON_ROTATE = "ranger.accesslog.rotate.rename_on_rotate"; public static final String RANGER_KEYSTORE_FILE_TYPE_DEFAULT = KeyStore.getDefaultType(); public static final String RANGER_TRUSTSTORE_FILE_TYPE_DEFAULT = KeyStore.getDefaultType(); public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLSv1.2"; @@ -192,12 +195,15 @@ public class EmbeddedServer { valve.setAsyncSupported(true); valve.setBuffered(false); valve.setEnabled(true); - valve.setPrefix(EmbeddedServerUtil.getConfig(ACCESS_LOG_PREFIX,"access-" + hostName +"-")); - valve.setFileDateFormat(EmbeddedServerUtil.getConfig(ACCESS_LOG_DATE_FORMAT, "yyyy-MM-dd.HH")); + valve.setPrefix(EmbeddedServerUtil.getConfig(ACCESS_LOG_PREFIX,"access-" + hostName)); + valve.setFileDateFormat(EmbeddedServerUtil.getConfig(ACCESS_LOG_DATE_FORMAT, "-yyyy-MM-dd.HH")); valve.setDirectory(logDirectory.getAbsolutePath()); valve.setSuffix(".log"); + valve.setRotatable(EmbeddedServerUtil.getBooleanConfig(ACCESS_LOG_ROTATE_ENABLED, true)); + valve.setMaxDays(EmbeddedServerUtil.getIntConfig(ACCESS_LOG_ROTATE_MAX_DAYS,15)); + valve.setRenameOnRotate(EmbeddedServerUtil.getBooleanConfig(ACCESS_LOG_ROTATE_RENAME_ON_ROTATE, false)); - String defaultAccessLogPattern = servername.equalsIgnoreCase(KMS_SERVER_NAME) ? "%h %l %u %t \"%m %U\" %s %b" : "%h %l %u %t \"%r\" %s %b"; + String defaultAccessLogPattern = servername.equalsIgnoreCase(KMS_SERVER_NAME) ? "%h %l %u %t \"%m %U\" %s %b %D" : "%h %l %u %t \"%r\" %s %b %D"; String logPattern = EmbeddedServerUtil.getConfig(ACCESS_LOG_PATTERN, defaultAccessLogPattern); valve.setPattern(logPattern); diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java index b05db77..b6c2a94 100644 --- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java +++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServerUtil.java @@ -64,6 +64,19 @@ public class EmbeddedServerUtil { return ret; } + public static boolean getBooleanConfig(String key, boolean defaultValue) { + boolean ret = defaultValue; + String retStr = getConfig(key); + try { + if (retStr != null) { + ret = Boolean.parseBoolean(retStr); + } + } catch (Exception err) { + LOG.severe(retStr + " can't be parsed to int. Reason: " + err.toString()); + } + return ret; + } + public static int getIntConfig(String key, int defaultValue) { int ret = defaultValue; String retStr = getConfig(key); diff --git a/ranger-tools/scripts/README.txt b/ranger-tools/scripts/README.txt index 81b5b66..b9ffe63 100644 --- a/ranger-tools/scripts/README.txt +++ b/ranger-tools/scripts/README.txt @@ -56,7 +56,7 @@ This file describes how to build, setup, configure and run the performance testi Please review the contents of these files and modify to suit your profiling needs. - Update conf/log4j.properties to specify the filename where perf run results will be written to. Property to update is 'log4j.appender.PERF.File'. + Update conf/logback.xml to specify the filename where perf run results will be written to. Property to update is 'log4j.appender.PERF.File'. 6. Run the tool with the following command diff --git a/security-admin/scripts/changepasswordutil.py b/security-admin/scripts/changepasswordutil.py index c9c4edc..e45dab6 100644 --- a/security-admin/scripts/changepasswordutil.py +++ b/security-admin/scripts/changepasswordutil.py @@ -111,7 +111,7 @@ def main(argv): path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s/*")%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home,ews_lib) elif os_name == "WINDOWS": path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home) - get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path, + get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path, 'ChangePasswordUtil','"'+userName+'"','"'+oldPassword+'"','"'+newPassword+'"') if os_name == "LINUX": ret = subprocess.call(shlex.split(get_java_cmd)) diff --git a/security-admin/scripts/changeusernameutil.py b/security-admin/scripts/changeusernameutil.py index 45c0ef7..699f945 100644 --- a/security-admin/scripts/changeusernameutil.py +++ b/security-admin/scripts/changeusernameutil.py @@ -111,7 +111,7 @@ def main(argv): path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s/*")%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home,ews_lib) elif os_name == "WINDOWS": path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home) - get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'ChangeUserNameUtil',userName,oldPassword,newUserName) + get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'ChangeUserNameUtil',userName,oldPassword,newUserName) if os_name == "LINUX": ret = subprocess.call(shlex.split(get_java_cmd)) elif os_name == "WINDOWS": diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index 40a5fb2..79d6475 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py @@ -441,13 +441,13 @@ class BaseDB(object): if ranger_log_dir == "$PWD": ranger_log_dir = os.path.join(RANGER_ADMIN_HOME,"ews","logs") javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch") - log4j_conf_file = globalDict['RANGER_ADMIN_LOG4J_CONF_FILE'] - if not log4j_conf_file: - log4j_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "logback.xml") + logback_conf_file = globalDict['RANGER_ADMIN_LOGBACK_CONF_FILE'] + if not logback_conf_file: + logback_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "classes", "conf", "logback.xml") else: - log4j_conf_file = "file:" + log4j_conf_file + logback_conf_file = "file:" + logback_conf_file log("[I] RANGER ADMIN LOG DIR : " + ranger_log_dir, "info") - log("[I] LOG4J CONF FILE : " + log4j_conf_file, "info") + log("[I] LOGBACK CONF FILE : " + logback_conf_file, "info") if not os.path.exists(javaFiles): log("[I] No java patches to apply!","info") else: @@ -515,7 +515,7 @@ class BaseDB(object): path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) elif os_name == "WINDOWS": path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) - get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log_dir,log4j_conf_file,os_user,client_host,path,className) + get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlogback.configurationFile=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log_dir,logback_conf_file,os_user,client_host,path,className) if is_unix: ret = subprocess.call(shlex.split(get_java_cmd)) elif os_name == "WINDOWS": @@ -543,14 +543,14 @@ class BaseDB(object): if ranger_log_dir == "$PWD": ranger_log_dir = os.path.join(RANGER_ADMIN_HOME,"ews","logs") filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class") - log4j_conf_file = globalDict['RANGER_ADMIN_LOG4J_CONF_FILE'] - if not log4j_conf_file: - log4j_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "logback.xml") + logback_conf_file = globalDict['RANGER_ADMIN_LOGBACK_CONF_FILE'] + if not logback_conf_file: + logback_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "classes", "conf", "logback.xml") else: - log4j_conf_file = "file:" + log4j_conf_file + logback_conf_file = "file:" + logback_conf_file log("[I] RANGER ADMIN LOG DIR : " + ranger_log_dir, "info") - log("[I] LOG4J CONF FILE : " + log4j_conf_file, "info") + log("[I] LOGBACK CONF FILE : " + logback_conf_file, "info") if os.path.exists(filePath): if version != "": output = self.execute_query(self.get_version_query(version,'Y')) @@ -606,7 +606,7 @@ class BaseDB(object): path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) elif os_name == "WINDOWS": path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) - get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log_dir,log4j_conf_file,os_user,client_host,path,className,'"'+userName+'"','"'+oldPassword+'"','"'+newPassword+'"') + get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s -default"%(self.JAVA_BIN,ranger_log_dir,logback_conf_file,os_user,client_host,path,className,'"'+userName+'"','"'+oldPassword+'"','"'+newPassword+'"') if is_unix: status = subprocess.call(shlex.split(get_java_cmd)) elif os_name == "WINDOWS": @@ -641,14 +641,14 @@ class BaseDB(object): if ranger_log_dir == "$PWD": ranger_log_dir = os.path.join(RANGER_ADMIN_HOME,"ews","logs") filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class") - log4j_conf_file = globalDict['RANGER_ADMIN_LOG4J_CONF_FILE'] - if not log4j_conf_file: - log4j_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "logback.xml") + logback_conf_file = globalDict['RANGER_ADMIN_LOGBACK_CONF_FILE'] + if not logback_conf_file: + logback_conf_file = "file:" + os.path.join(app_home, "WEB-INF", "classes", "conf", "logback.xml") else: - log4j_conf_file = "file:" + log4j_conf_file + logback_conf_file = "file:" + logback_conf_file log("[I] RANGER ADMIN LOG DIR : " + ranger_log_dir, "info") - log("[I] LOG4J CONF FILE : " + log4j_conf_file, "info") + log("[I] LOGBACK CONF FILE : " + logback_conf_file, "info") if os.path.exists(filePath): if version != "": output = self.execute_query(self.get_version_query(version,'Y')) @@ -704,7 +704,7 @@ class BaseDB(object): path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) elif os_name == "WINDOWS": path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) - get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,ranger_log_dir,log4j_conf_file,os_user,client_host,path,className, userPwdString) + get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=%s -Duser=%s -Dhostname=%s -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,ranger_log_dir,logback_conf_file,os_user,client_host,path,className, userPwdString) if is_unix: status = subprocess.call(shlex.split(get_java_cmd)) elif os_name == "WINDOWS": diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties index 5a8b00c..fce6c5b 100644 --- a/security-admin/scripts/install.properties +++ b/security-admin/scripts/install.properties @@ -233,7 +233,7 @@ sso_publickey= # Custom log directory path RANGER_ADMIN_LOG_DIR=$PWD -RANGER_ADMIN_LOG4J_CONF_FILE= +RANGER_ADMIN_LOGBACK_CONF_FILE= # PID file path RANGER_PID_DIR_PATH=/var/run/ranger diff --git a/security-admin/scripts/rolebasedusersearchutil.py b/security-admin/scripts/rolebasedusersearchutil.py index f9feddc..612db33 100644 --- a/security-admin/scripts/rolebasedusersearchutil.py +++ b/security-admin/scripts/rolebasedusersearchutil.py @@ -142,9 +142,9 @@ def main(argv): elif os_name == "WINDOWS": path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home) if userRole != "" : - get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password,userRole) + get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password,userRole) if userRole == "" : - get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s "%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password) + get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s "%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password) if os_name == "LINUX": ret = subprocess.call(shlex.split(get_java_cmd)) elif os_name == "WINDOWS": diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index d6cb561..1ed908d 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -141,7 +141,7 @@ sso_enabled=$(get_prop 'sso_enabled' $PROPFILE) sso_providerurl=$(get_prop 'sso_providerurl' $PROPFILE) sso_publickey=$(get_prop 'sso_publickey' $PROPFILE) RANGER_ADMIN_LOG_DIR=$(eval echo "$(get_prop 'RANGER_ADMIN_LOG_DIR' $PROPFILE)") -RANGER_ADMIN_LOG4J_CONF_FILE=$(eval echo "$(get_prop 'RANGER_ADMIN_LOG4J_CONF_FILE' $PROPFILE)") +RANGER_ADMIN_LOGBACK_CONF_FILE=$(eval echo "$(get_prop 'RANGER_ADMIN_LOGBACK_CONF_FILE' $PROPFILE)") RANGER_PID_DIR_PATH=$(eval echo "$(get_prop 'RANGER_PID_DIR_PATH' $PROPFILE)") spnego_principal=$(get_prop 'spnego_principal' $PROPFILE) @@ -1491,12 +1491,12 @@ setup_install_files(){ fi fi - if [ -z "${RANGER_ADMIN_LOG4J_CONF_FILE}" ]; then - RANGER_ADMIN_LOG4J_CONF_FILE=${WEBAPP_ROOT}/WEB-INF/logback.xml + if [ -z "${RANGER_ADMIN_LOGBACK_CONF_FILE}" ]; then + RANGER_ADMIN_LOGBACK_CONF_FILE=${WEBAPP_ROOT}/WEB-INF/classes/conf/logback.xml fi - echo "export RANGER_ADMIN_LOG4J_CONF_FILE=${RANGER_ADMIN_LOG4J_CONF_FILE}" > ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-log4j-conf-file.sh - chmod a+rx ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-log4j-conf-file.sh - log "[I] RANGER ADMIN LOG4J CONF FILE : ${RANGER_ADMIN_LOG4J_CONF_FILE}" + echo "export RANGER_ADMIN_LOGBACK_CONF_FILE=${RANGER_ADMIN_LOGBACK_CONF_FILE}" > ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-logback-conf-file.sh + chmod a+rx ${WEBAPP_ROOT}/WEB-INF/classes/conf/ranger-admin-env-logback-conf-file.sh + log "[I] RANGER ADMIN LOGBACK CONF FILE : ${RANGER_ADMIN_LOGBACK_CONF_FILE}" if [ -z "${RANGER_ADMIN_LOG_DIR}" ] || [ ${RANGER_ADMIN_LOG_DIR} == ${XAPOLICYMGR_DIR} ]; then RANGER_ADMIN_LOG_DIR=${XAPOLICYMGR_DIR}/ews/logs; diff --git a/security-admin/scripts/updateUserAndGroupNamesInJson.py b/security-admin/scripts/updateUserAndGroupNamesInJson.py index b115d22..c40ec44 100644 --- a/security-admin/scripts/updateUserAndGroupNamesInJson.py +++ b/security-admin/scripts/updateUserAndGroupNamesInJson.py @@ -81,7 +81,7 @@ def main(argv): path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s/*")%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home,ews_lib) elif os_name == "WINDOWS": path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home) - get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s"%(JAVA_BIN,ranger_log,path,'UpdateUserAndGroupNamesInJson') + get_java_cmd = "%s -Dlogdir=%s -Dlogback.configurationFile=db_patch.logback.xml -cp %s org.apache.ranger.patch.cliutil.%s"%(JAVA_BIN,ranger_log,path,'UpdateUserAndGroupNamesInJson') if os_name == "LINUX": ret = subprocess.call(shlex.split(get_java_cmd)) elif os_name == "WINDOWS": diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py index 90ac92a..39b9d1f 100644 --- a/security-admin/src/bin/ranger_install.py +++ b/security-admin/src/bin/ranger_install.py @@ -667,8 +667,8 @@ def import_db (): # with zipfile.ZipFile(war_file, "r") as z: # z.extractall(WEBAPP_ROOT) # log("Extract War file " + war_file + " to " + WEBAPP_ROOT + " DONE! ","info") -# if os.path.isfile ( os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod")) : -# shutil.copyfile(os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml.prod"), os.path.join(WEBAPP_ROOT, "WEB-INF", "log4j.xml")) +# if os.path.isfile ( os.path.join(WEBAPP_ROOT, "WEB-INF", "logback.xml.prod")) : +# shutil.copyfile(os.path.join(WEBAPP_ROOT, "WEB-INF", "logback.xml.prod"), os.path.join(WEBAPP_ROOT, "WEB-INF", "logback.xml")) # def copy_mysql_connector(): # log("Copying MYSQL Connector to "+app_home+"/WEB-INF/lib ","info") diff --git a/security-admin/src/main/webapp/WEB-INF/logback.xml b/security-admin/src/main/resources/conf.dist/logback.xml similarity index 100% rename from security-admin/src/main/webapp/WEB-INF/logback.xml rename to security-admin/src/main/resources/conf.dist/logback.xml diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml index 0a11286..2471f6a 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml @@ -298,12 +298,27 @@ <property> <name>ranger.accesslog.dateformat</name> - <value>yyyy-MM-dd</value> + <value>-yyyy-MM-dd</value> </property> <property> <name>ranger.accesslog.pattern</name> - <value>%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"</value> + <value>%h %l %u %t "%r" %s %b %D "%{Referer}i" "%{User-Agent}i"</value> + </property> + + <property> + <name>ranger.accesslog.rotate.enabled</name> + <value>true</value> + </property> + + <property> + <name>ranger.accesslog.rotate.max_days</name> + <value>15</value> + </property> + + <property> + <name>ranger.accesslog.rotate.rename_on_rotate</name> + <value>15</value> </property> <property> diff --git a/security-admin/src/main/webapp/WEB-INF/db_patch.logback.xml b/security-admin/src/main/webapp/WEB-INF/db_patch.logback.xml new file mode 100644 index 0000000..deb3b0c --- /dev/null +++ b/security-admin/src/main/webapp/WEB-INF/db_patch.logback.xml @@ -0,0 +1,68 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<configuration> + <appender name="xa_log_appender" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logdir}/ranger_db_patch.log</file> + <encoder> + <pattern>%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logdir}/ranger_db_patch.log.%d{'.'yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + </appender> + + <appender name="sql_appender" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logdir}/ranger_admin_sql_db_patch.log</file> + <encoder> + <pattern>%d{dd MMM yyyy HH:mm:ss} %5p %c{1} [%t] - %L %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logdir}/ranger_admin_sql_db_patch.log.%d{'.'yyyy-MM-dd}</fileNamePattern> + </rollingPolicy> + </appender> + + <logger name="org.springframework" level="warn" additivity="false"/> + <logger name="org.hibernate.SQL" level="warn" additivity="false"> + <appender-ref ref="sql_appender"/> + </logger> + <logger name="jdbc.sqlonly" level="fatal" additivity="false"> + <appender-ref ref="sql_appender"/> + </logger> + <logger name="jdbc.sqltiming" level="warn" additivity="false"> + <appender-ref ref="sql_appender"/> + </logger> + <logger name="jdbc.audit" level="fatal" additivity="false"> + <appender-ref ref="sql_appender"/> + </logger> + <logger name="jdbc.resultset" level="fatal" additivity="false"> + <appender-ref ref="sql_appender"/> + </logger> + <logger name="jdbc.connection" level="fatal" additivity="false"> + <appender-ref ref="sql_appender"/> + </logger> + <logger name="org.apache.ranger" level="info" additivity="false"> + <appender-ref ref="xa_log_appender"/> + </logger> + <logger name="xa" level="info" additivity="false"> + <appender-ref ref="xa_log_appender"/> + </logger> + + <root level="warn"> + <appender-ref ref="xa_log_appender"/> + </root> +</configuration> diff --git a/tagsync/scripts/setup.py b/tagsync/scripts/setup.py index 29ad7fa..1b88ae2 100755 --- a/tagsync/scripts/setup.py +++ b/tagsync/scripts/setup.py @@ -53,7 +53,7 @@ confDistBaseDirName = 'conf.dist' outputFileName = 'ranger-tagsync-site.xml' installPropFileName = 'install.properties' -log4jFileName = 'logback.xml' +logbackFileName = 'logback.xml' install2xmlMapFileName = 'installprop2xml.properties' templateFileName = 'ranger-tagsync-template.xml' initdProgramName = 'ranger-tagsync' @@ -365,7 +365,7 @@ def main(): if (not os.path.isdir(dir)): os.makedirs(dir,0o755) - defFileList = [ log4jFileName ] + defFileList = [ logbackFileName ] for defFile in defFileList: fn = join(confDistDirName, defFile) if ( isfile(fn) ): diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py index 4fcfdd8..be64278 100755 --- a/unixauthservice/scripts/setup.py +++ b/unixauthservice/scripts/setup.py @@ -57,7 +57,7 @@ defaultCertFileName = 'unixauthservice.jks' outputFileName = 'ranger-ugsync-site.xml' installPropFileName = 'install.properties' defaultSiteXMLFileName = 'ranger-ugsync-default.xml' -log4jFileName = 'logback.xml' +logbackFileName = 'logback.xml' install2xmlMapFileName = 'installprop2xml.properties' templateFileName = 'ranger-ugsync-template.xml' initdProgramName = 'ranger-usersync' @@ -412,7 +412,7 @@ def main(): if (not os.path.isdir(dir)): os.makedirs(dir, 0o750) - defFileList = [defaultSiteXMLFileName, log4jFileName] + defFileList = [defaultSiteXMLFileName, logbackFileName] for defFile in defFileList: fn = join(confDistDirName, defFile) if (isfile(fn)):