AMBARI-14550. Ranger KMS install from Ambari - Add ability to skip DB/DB user setup. (gautam via yusaku)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e310fdab
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e310fdab
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e310fdab
Branch: refs/heads/branch-dev-patch-upgrade
Commit: e310fdab5b15d29b8cc4a6238607e4b5c37e8495
Parents: ad63e8f
Author: Yusaku Sako <yus...@hortonworks.com>
Authored: Tue Jan 12 10:52:03 2016 -0800
Committer: Nate Cole <nc...@hortonworks.com>
Committed: Thu Jan 14 11:43:25 2016 -0500
----------------------------------------------------------------------
 .../server/upgrade/UpgradeCatalog221.java | 46 +++
 .../0.5.0.2.3/configuration/dbks-site.xml | 58 +++-
 .../0.5.0.2.3/configuration/kms-env.xml | 22 ++
 .../0.5.0.2.3/configuration/kms-properties.xml | 78 ++++-
 .../configuration/ranger-kms-audit.xml | 4 +
 .../configuration/ranger-kms-policymgr-ssl.xml | 8 +
 .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 30 +-
 .../0.5.0.2.3/package/scripts/params.py | 9 +
 .../HDP/2.3/services/RANGER_KMS/metainfo.xml | 8 +
 .../RANGER_KMS/themes/theme_version_1.json | 303 +++++++++++++++++++
 .../stacks/HDP/2.3/services/stack_advisor.py | 36 +++
 .../server/upgrade/UpgradeCatalog221Test.java | 44 +++
 ambari-web/app/models/stack_service.js | 5 +
 13 files changed, 631 insertions(+), 20 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog221.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog221.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog221.java
index b41bee4..914c547 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog221.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog221.java @@ -82,6 +82,13 @@ public class UpgradeCatalog221 extends AbstractUpgradeCatalog { private static final String BLUEPRINT_HOSTGROUP_COMPONENT_TABLE_NAME = "hostgroup_component"; private static final String BLUEPRINT_PROVISION_ACTION_COLUMN_NAME = "provision_action"; + private static final String RANGER_KMS_DBKS_CONFIG = "dbks-site"; + private static final String RANGER_KMS_DB_FLAVOR = "DB_FLAVOR"; + private static final String RANGER_KMS_DB_HOST = "db_host"; + private static final String RANGER_KMS_DB_NAME = "db_name"; + private static final String RANGER_KMS_JDBC_URL = "ranger.ks.jpa.jdbc.url"; + private static final String RANGER_KMS_JDBC_DRIVER = "ranger.ks.jpa.jdbc.driver"; + private static final String RANGER_KMS_PROPERTIES = "kms-properties"; // ----- Constructors ------------------------------------------------------ @@ -148,6 +155,7 @@ public class UpgradeCatalog221 extends AbstractUpgradeCatalog { addNewConfigurationsFromXml(); updateAlerts(); updateOozieConfigs(); + updateRangerKmsDbksConfigs(); } protected void updateAlerts() { 
@@ -355,4 +363,42 @@ public class UpgradeCatalog221 extends AbstractUpgradeCatalog { } } + protected void updateRangerKmsDbksConfigs() throws AmbariException { + AmbariManagementController ambariManagementController = injector.getInstance(AmbariManagementController.class); + + for (final Cluster cluster : getCheckedClusterMap(ambariManagementController.getClusters()).values()) { + Map<String, String> newRangerKmsProps = new HashMap<>(); + Config rangerKmsDbConfigs = cluster.getDesiredConfigByType(RANGER_KMS_PROPERTIES); + if (rangerKmsDbConfigs != null) { + String dbFlavor = rangerKmsDbConfigs.getProperties().get(RANGER_KMS_DB_FLAVOR); + String dbHost = rangerKmsDbConfigs.getProperties().get(RANGER_KMS_DB_HOST); + String dbName = rangerKmsDbConfigs.getProperties().get(RANGER_KMS_DB_NAME); + String dbConnectionString = null; + String dbDriver = null; + + if (dbFlavor != null && dbHost != null && dbName != null) { + if ("MYSQL".equalsIgnoreCase(dbFlavor)) { + dbConnectionString = "jdbc:mysql://"+dbHost+"/"+dbName; + dbDriver = "com.mysql.jdbc.Driver"; + } else if ("ORACLE".equalsIgnoreCase(dbFlavor)) { + dbConnectionString = "jdbc:oracle:thin:@//"+dbHost; + dbDriver = "oracle.jdbc.driver.OracleDriver"; + } else if ("POSTGRES".equalsIgnoreCase(dbFlavor)) { + dbConnectionString = "jdbc:postgresql://"+dbHost+"/"+dbName; + dbDriver = "org.postgresql.Driver"; + } else if ("MSSQL".equalsIgnoreCase(dbFlavor)) { + dbConnectionString = "jdbc:sqlserver://"+dbHost+";databaseName="+dbName; + dbDriver = "com.microsoft.sqlserver.jdbc.SQLServerDriver"; + } else if ("SQLA".equalsIgnoreCase(dbFlavor)) { + dbConnectionString = "jdbc:sqlanywhere:database="+dbName+";host="+dbHost; + dbDriver = "sap.jdbc4.sqlanywhere.IDriver"; + } + newRangerKmsProps.put(RANGER_KMS_JDBC_URL, dbConnectionString); + newRangerKmsProps.put(RANGER_KMS_JDBC_DRIVER, dbDriver); + updateConfigurationPropertiesForCluster(cluster, RANGER_KMS_DBKS_CONFIG, newRangerKmsProps, true, false); + } + } + } + } + } 
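Review bot: In `updateRangerKmsDbksConfigs`, a `DB_FLAVOR` that matches none of the five `equalsIgnoreCase` branches leaves `dbConnectionString` and `dbDriver` null, and the two `newRangerKmsProps.put(...)` calls then hand null values for `ranger.ks.jpa.jdbc.url` and `ranger.ks.jpa.jdbc.driver` to `updateConfigurationPropertiesForCluster`. Wrap the puts and the update in `if (dbConnectionString != null && dbDriver != null) { ... }` and log the cluster that was skipped. An empty `db_host` (the new default in kms-properties.xml) also passes the null check and yields a URL with no host. `dbHost` and `dbName` go into the URL unchecked; in the `;`-delimited MSSQL and SQLA forms a value containing `;` would add connection properties, so reject such values here and in the matching URL table in stack_advisor.py.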
http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/dbks-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/dbks-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/dbks-site.xml
index 8291e02..076f0b7 100644
--- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/dbks-site.xml
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/dbks-site.xml
@@ -26,28 +26,54 @@ <value>hdfs</value> <description>Blacklist for decrypt EncryptedKey CryptoExtension operations</description> </property> - + <property> <name>ranger.db.encrypt.key.password</name> <value>_</value> + <property-type>PASSWORD</property-type> + <value-attributes> + <type>password</type> + </value-attributes> <description>Password used for encrypting Master Key</description> </property> - + <property> <name>ranger.ks.jpa.jdbc.url</name> - <value>{{db_jdbc_url}}</value> + <display-name>JDBC connect string</display-name> + <value>jdbc:mysql://localhost</value> <description>URL for Database</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>kms-properties</type> + <name>DB_FLAVOR</name> + </property> + <property> + <type>kms-properties</type> + <name>db_host</name> + </property> + <property> + <type>kms-properties</type> + <name>db_name</name> + </property> + </depends-on> </property> - + <property> <name>ranger.ks.jpa.jdbc.user</name> <value>{{db_user}}</value> <description>Database username used for operation</description> </property> - + <property> <name>ranger.ks.jpa.jdbc.password</name> <value>_</value> + <property-type>PASSWORD</property-type> + <value-attributes> + <type>password</type> + </value-attributes> <description>Database user's password</description> </property> 
@@ -77,14 +103,24 @@ <property> <name>ranger.ks.jpa.jdbc.driver</name> - <value>{{db_jdbc_driver}}</value> - <description>Driver used for database</description> + <display-name>Driver class name for a JDBC Ranger KMS database</display-name> + <value>com.mysql.jdbc.Driver</value> + <description>Driver used for database</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>kms-properties</type> + <name>DB_FLAVOR</name> + </property> + </depends-on> </property> - + <property> <name>ranger.ks.jdbc.sqlconnectorjar</name> - <value>{{driver_curl_target}}</value> - <description>Driver used for database</description> + <value>{{ews_lib_jar_path}}</value> + <description>Driver used for database</description> </property> - + </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-env.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-env.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-env.xml index fb061f6..305282e 100644 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-env.xml +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-env.xml 
@@ -54,4 +54,26 @@ <description></description> </property> + <property> + <name>create_db_user</name> + <display-name>Setup Database and Database User</display-name> + <value>true</value> + <description>If set to Yes, Ambari will create and setup Ranger Database and Database User. This will require to specify Database Admin user and password</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>true</value> + <label>Yes</label> + </entry> + <entry> + <value>false</value> + <label>No</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> + </property> + </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml index e27562c..a5a57cf 100644 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml @@ -22,12 +22,14 @@ <property> <name>REPOSITORY_CONFIG_USERNAME</name> + <display-name>Repository config username</display-name> <value>keyadmin</value> <description></description> </property> <property> <name>REPOSITORY_CONFIG_PASSWORD</name> + <display-name>Repository config password</display-name> <value>keyadmin</value> <property-type>PASSWORD</property-type> <description></description> 
@@ -38,67 +40,127 @@ <property> <name>DB_FLAVOR</name> + <display-name>DB FLAVOR</display-name> <value>MYSQL</value> - <description></description> + <description>The database type to be used</description> + <value-attributes> + <overridable>false</overridable> + <type>value-list</type> + <entries> + <entry> + <value>MYSQL</value> + <label>MYSQL</label> + </entry> + <entry> + <value>ORACLE</value> + <label>ORACLE</label> + </entry> + <entry> + <value>POSTGRES</value> + <label>POSTGRES</label> + </entry> + <entry> + <value>MSSQL</value> + <label>MSSQL</label> + </entry> + <entry> + <value>SQLA</value> + <label>SQL Anywhere</label> + </entry> + </entries> + <selection-cardinality>1</selection-cardinality> + </value-attributes> </property> <property> <name>SQL_CONNECTOR_JAR</name> + <display-name>SQL connector jar</display-name> <value>/usr/share/java/mysql-connector-java.jar</value> <description>Location of DB client library (please check the location of the jar file)</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> + <depends-on> + <property> + <type>kms-properties</type> + <name>DB_FLAVOR</name> + </property> + </depends-on> </property> <property> <name>db_root_user</name> + <display-name>Database Administrator (DBA) username</display-name> <value>root</value> - <description></description> + <description>Database admin user. 
This user should have DBA permission to create the Ranger Database and Ranger Database User</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> </property> <property> <name>db_root_password</name> + <display-name>Database Administrator (DBA) password</display-name> <value></value> <property-type>PASSWORD</property-type> - <description></description> + <description>Database password for the database admin username</description> <value-attributes> <type>password</type> + <overridable>false</overridable> </value-attributes> </property> <property> <name>db_host</name> - <value>localhost</value> - <description></description> + <display-name>Ranger KMS DB host</display-name> + <value></value> + <description>Database host</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> </property> <property> <name>db_name</name> + <display-name>Ranger KMS DB name</display-name> <value>rangerkms</value> - <description></description> + <description>Database name</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> </property> <property> <name>db_user</name> + <display-name>Ranger KMS DB username</display-name> <value>rangerkms</value> - <description></description> + <description>Database username used for the Ranger KMS schema</description> + <value-attributes> + <overridable>false</overridable> + </value-attributes> </property> <property> <name>db_password</name> + <display-name>Ranger KMS DB password</display-name> <value></value> <property-type>PASSWORD</property-type> - <description></description> + <description>Database password for the Ranger KMS schema</description> <value-attributes> <type>password</type> + <overridable>false</overridable> </value-attributes> </property> <property> <name>KMS_MASTER_KEY_PASSWD</name> + <display-name>KMS master key password</display-name> <value></value> <property-type>PASSWORD</property-type> <description></description> 
<value-attributes> <type>password</type> + <overridable>false</overridable> </value-attributes> </property> http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml index d5b0aa7..7c98fb3 100644 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml @@ -51,6 +51,10 @@ <property> <name>xasecure.audit.destination.db.password</name> <value>crypted</value> + <property-type>PASSWORD</property-type> + <value-attributes> + <type>password</type> + </value-attributes> <description>Audit DB JDBC Password</description> </property> http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml index bcec1a5..f6b4cbc 100644 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml 
@@ -29,6 +29,10 @@ <property> <name>xasecure.policymgr.clientssl.keystore.password</name> <value>myKeyFilePassword</value> + <property-type>PASSWORD</property-type> + <value-attributes> + <type>password</type> + </value-attributes> <description>password for keystore</description> </property> @@ -41,6 +45,10 @@ <property> <name>xasecure.policymgr.clientssl.truststore.password</name> <value>changeit</value> + <property-type>PASSWORD</property-type> + <value-attributes> + <type>password</type> + </value-attributes> <description>java truststore password</description> </property> http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py index 5119f1e..706e525 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py @@ -37,6 +37,7 @@ from resource_management.core.utils import PasswordString from resource_management.core.shell import as_sudo import re import time +import socket def password_validation(password, key): import params 
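Review bot: Tagging `xasecure.policymgr.clientssl.keystore.password` and `xasecure.policymgr.clientssl.truststore.password` as `PASSWORD` masks them in the UI, but the shipped defaults stay `myKeyFilePassword` and `changeit`, and masking now hides those well-known strings from the operator who would otherwise notice them. If the service tolerates it, ship an empty `<value></value>` as kms-properties.xml does for `db_password`, or extend the `<description>` to say the default must be replaced before the keystore is used.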
@@ -114,7 +115,11 @@ def setup_kms_db(): dba_setup = format('ambari-python-wrap {kms_home}/dba_script.py -q') db_setup = format('ambari-python-wrap {kms_home}/db_setup.py') - Execute(dba_setup, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10) + if params.create_db_user: + Logger.info('Setting up Ranger KMS DB and DB User') + Execute(dba_setup, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10) + else: + Logger.info('Separate DBA property not set. Assuming Ranger KMS DB and DB User exists!') Execute(db_setup, environment=env_dict, logoutput=True, user=params.kms_user, tries=5, try_sleep=10) def setup_java_patch(): @@ -174,6 +179,23 @@ def kms(): create_parents = True ) + File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"), + content = DownloadSource(format("{jdk_location}{check_db_connection_jar_name}")), + mode = 0644, + ) + + cp = format("{check_db_connection_jar}") + cp = cp + os.pathsep + format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}") + + db_connection_check_command = format( + "{java_home}/bin/java -cp {cp} org.apache.ambari.server.DBConnectionVerification '{ranger_kms_jdbc_connection_url}' {db_user} {db_password!p} {ranger_kms_jdbc_driver}") + + env_dict = {} + if params.db_flavor.lower() == 'sqla': + env_dict = {'LD_LIBRARY_PATH':params.ld_library_path} + + Execute(db_connection_check_command, path='/usr/sbin:/sbin:/usr/local/bin:/bin:/usr/bin', tries=5, try_sleep=10, environment=env_dict) + if params.xa_audit_db_is_enabled: File(params.downloaded_connector_path, content = DownloadSource(params.driver_source), @@ -406,6 +428,9 @@ def create_repo(url, data, usernamepassword): else: Logger.error("Error creating service. Reason - {0}.".format(e.reason)) return False + except socket.timeout as e: + Logger.error("Error creating service. Reason - {0}".format(e)) + return False def get_repo(url, name, usernamepassword): try: 
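Review bot: The connection check passes the KMS database password as a `java` argument (`{db_user} {db_password!p}`), so it can be read from the host's process list during each attempt, and `tries=5, try_sleep=10` allows up to five attempts; `!p` presumably only keeps it out of the agent log. `{db_user}` and `{ranger_kms_jdbc_driver}` are interpolated unquoted and the URL sits in literal single quotes, while this commit makes the driver and URL editable text fields, so shell-quote all three rather than relying on their content. The `Execute` has no `user=`, unlike the `dba_setup`/`db_setup` calls that run as `params.kms_user`, so the downloaded jar presumably runs with the agent's own privileges; add `user=params.kms_user` if the check does not need more. `File(format("/usr/lib/ambari-agent/{check_db_connection_jar_name}"), ...)` should use `params.check_db_connection_jar` instead of repeating the path. kms() starts and ends outside the hunk.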
@@ -436,3 +461,6 @@ def get_repo(url, name, usernamepassword): else: Logger.error("Error getting {0} service. Reason - {1}.".format(name, e.reason)) return False + except socket.timeout as e: + Logger.error("Error creating service. Reason - {0}".format(e)) + return False http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py index 2e2e52d..95f0896 100755 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py @@ -52,6 +52,8 @@ has_ranger_admin = len(ranger_admin_hosts) > 0 kms_host = config['clusterHostInfo']['ranger_kms_server_hosts'][0] kms_port = config['configurations']['kms-env']['kms_port'] +create_db_user = config['configurations']['kms-env']['create_db_user'] + #kms properties db_flavor = (config['configurations']['kms-properties']['DB_FLAVOR']).lower() db_host = config['configurations']['kms-properties']['db_host'] @@ -123,6 +125,7 @@ downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}") driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}") +ews_lib_jar_path = format("{kms_home}/ews/webapp/lib/{jdbc_jar_name}") if db_flavor == 'sqla': downloaded_custom_connector = format("{tmp_dir}/sqla-client-jdbc.tar.gz") 
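Review bot: The `except socket.timeout` branch added to `get_repo` logs "Error creating service", copied from `create_repo`, so a lookup timeout is reported as a failed creation and loses the service name that the neighbouring branch logs. Use `Logger.error("Error getting {0} service. Reason - {1}".format(name, e))`. The identical handler added to `create_repo` in the previous hunk is worded correctly. get_repo starts outside the hunk.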
@@ -191,7 +194,13 @@ ssl_truststore_password = unicode(config['configurations']['ranger-kms-policymgr #For SQLA explicitly disable audit to DB for Ranger if xa_audit_db_flavor == 'sqla': xa_audit_db_is_enabled = False + current_host = config['hostname'] ranger_kms_hosts = config['clusterHostInfo']['ranger_kms_server_hosts'] if current_host in ranger_kms_hosts: kms_host = current_host + +check_db_connection_jar_name = "DBConnectionVerification.jar" +check_db_connection_jar = format("/usr/lib/ambari-agent/{check_db_connection_jar_name}") +ranger_kms_jdbc_connection_url = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.url'] +ranger_kms_jdbc_driver = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.driver'] \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER_KMS/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER_KMS/metainfo.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER_KMS/metainfo.xml index e3a9fd9..fdc9098 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER_KMS/metainfo.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER_KMS/metainfo.xml @@ -42,6 +42,14 @@ </packages> </osSpecific> </osSpecifics> + + <themes> + <theme> + <fileName>theme_version_1.json</fileName> + <default>true</default> + </theme> + </themes> + </service> </services> </metainfo> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER_KMS/themes/theme_version_1.json ---------------------------------------------------------------------- 
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER_KMS/themes/theme_version_1.json b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER_KMS/themes/theme_version_1.json
new file mode 100644
index 0000000..c08a56c
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER_KMS/themes/theme_version_1.json
@@ -0,0 +1,303 @@ +{ + "name": "default", + "description": "Default theme for Ranger KMS service", + "configuration": { + "layouts": [ + { + "name": "default", + "tabs": [ + { + "name": "db_settings", + "display-name": "Settings", + "layout": { + "tab-columns": "2", + "tab-rows": "2", + "sections": [ + { + "name": "section-db-settings", + "display-name": "", + "row-index": "0", + "column-index": "0", + "row-span": "4", + "column-span": "2", + "section-columns": "2", + "section-rows": "4", + "subsections": [ + { + "name": "subsection-kms-db-row1-col1", + "display-name": "Ranger KMS DB", + "row-index": "0", + "column-index": "0", + "row-span": "1", + "column-span": "1" + }, + { + "name": "subsection-kms-db-row1-col2", + "row-index": "0", + "column-index": "1", + "row-span": "1", + "column-span": "1" + }, + { + "name": "subsection-kms-create-db-user-row2-col", + "display-name": "Setup Database and Database User", + "row-index": "1", + "column-index": "0", + "row-span": "1", + "column-span": "2" + }, + { + "name": "subsection-kms-db-root-user-row3-col1", + "display-name": "Ranger KMS Root DB", + "row-index": "2", + "column-index": "0", + "row-span": "1", + "column-span": "1", + "depends-on": [ + { + "configs":[ + "kms-env/create_db_user" + ], + "if": "${kms-env/create_db_user}", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "name": "subsection-kms-db-root-user-row3-col2", + "row-index": "2", + "column-index": "1", + "row-span": "1", + "column-span": "1", + "depends-on": [ + { + "configs":[ + "kms-env/create_db_user" + ], + "if": "${kms-env/create_db_user}", + "then": { + "property_value_attributes": { + "visible": true + } + }, + "else": { + "property_value_attributes": { + "visible": false + } + } + } + ] + }, + { + "name": "subsection-kms-master-row4-col", + "display-name": "KMS Master Secret Password", + "row-index": "3", + "column-index": "0", + 
"row-span": "1", + "column-span": "2" + } + ] + } + ] + } + } + ] + } + ], + "placement": { + "configuration-layout": "default", + "configs": [ + { + "config": "kms-properties/DB_FLAVOR", + "subsection-name": "subsection-kms-db-row1-col1" + }, + { + "config": "kms-properties/db_name", + "subsection-name": "subsection-kms-db-row1-col1" + }, + { + "config": "dbks-site/ranger.ks.jpa.jdbc.url", + "subsection-name": "subsection-kms-db-row1-col1" + }, + { + "config": "kms-properties/db_user", + "subsection-name": "subsection-kms-db-row1-col1" + }, + { + "config": "kms-properties/db_host", + "subsection-name": "subsection-kms-db-row1-col2" + }, + { + "config": "kms-properties/SQL_CONNECTOR_JAR", + "subsection-name": "subsection-kms-db-row1-col2", + "depends-on" : [ + { + "configs":[ + "kms-properties/DB_FLAVOR" + ], + "if": "${kms-properties/DB_FLAVOR} === SQLA", + "then": { + "property_value_attributes": { + "visible": false + } + }, + "else": { + "property_value_attributes": { + "visible": true + } + } + } + ] + }, + { + "config": "dbks-site/ranger.ks.jpa.jdbc.driver", + "subsection-name": "subsection-kms-db-row1-col2" + }, + { + "config": "kms-properties/db_password", + "subsection-name": "subsection-kms-db-row1-col2" + }, + { + "config": "kms-properties/db_root_user", + "subsection-name": "subsection-kms-db-root-user-row3-col1" + }, + { + "config": "kms-properties/db_root_password", + "subsection-name": "subsection-kms-db-root-user-row3-col2" + }, + { + "config": "kms-properties/KMS_MASTER_KEY_PASSWD", + "subsection-name": "subsection-kms-master-row4-col" + }, + { + "config" : "kms-env/create_db_user", + "subsection-name": "subsection-kms-create-db-user-row2-col" + }, + { + "config": "kms-env/test_db_kms_connection", + "subsection-name": "subsection-kms-create-db-user-row2-col", + "property_value_attributes": { + "ui_only_property": true + }, + "depends-on": [ + { + "configs":[ + "kms-env/create_db_user" + ], + "if": "${kms-env/create_db_user}", + "then": { + 
"property_value_attributes": { + "visible": false + } + }, + "else": { + "property_value_attributes": { + "visible": true + } + } + } + ] + } + ] + }, + "widgets": [ + { + "config": "kms-properties/DB_FLAVOR", + "widget": { + "type": "combo" + } + }, + { + "config": "kms-properties/db_user", + "widget": { + "type": "text-field" + } + }, + { + "config": "kms-properties/db_name", + "widget": { + "type": "text-field" + } + }, + { + "config": "kms-properties/SQL_CONNECTOR_JAR", + "widget": { + "type": "text-field" + } + }, + { + "config": "kms-properties/db_root_user", + "widget": { + "type": "text-field" + } + }, + { + "config": "kms-properties/db_host", + "widget": { + "type": "text-field" + } + }, + { + "config": "kms-properties/db_password", + "widget": { + "type": "password" + } + }, + { + "config": "kms-properties/db_root_password", + "widget": { + "type": "password" + } + }, + { + "config": "kms-properties/KMS_MASTER_KEY_PASSWD", + "widget": { + "type": "password" + } + }, + { + "config": "kms-env/create_db_user", + "widget": { + "type": "toggle" + } + }, + { + "config": "kms-env/test_db_kms_connection", + "widget": { + "type": "test-db-connection", + "display-name": "Test Connection", + "required-properties": { + "jdbc.driver.class": "dbks-site/ranger.ks.jpa.jdbc.driver", + "jdbc.driver.url": "dbks-site/ranger.ks.jpa.jdbc.url", + "db.connection.source.host": "ranger_kms-site/ranger_kms_server_hosts", + "db.type": "kms-properties/DB_FLAVOR", + "db.connection.destination.host": "kms-properties/db_host", + "db.connection.user": "kms-properties/db_user", + "db.connection.password": "kms-properties/db_password" + } + } + }, + { + "config": "dbks-site/ranger.ks.jpa.jdbc.driver", + "widget" : { + "type": "text-field" + } + }, + { + "config": "dbks-site/ranger.ks.jpa.jdbc.url", + "widget": { + "type": "text-field" + } + } + ] + } +} \ No newline at end of file 
http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index 0da566b..b37b95a 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -135,6 +135,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor): "HBASE": self.recommendHBASEConfigurations, "KAFKA": self.recommendKAFKAConfigurations, "RANGER": self.recommendRangerConfigurations, + "RANGER_KMS": self.recommendRangerKMSConfigurations, "HAWQ": self.recommendHAWQConfigurations } parentRecommendConfDict.update(childRecommendConfDict) 
@@ -426,6 +427,41 @@ class HDP23StackAdvisor(HDP22StackAdvisor): elif not security_enabled: putKafkaBrokerAttributes('authorizer.class.name', 'delete', 'true') + def recommendRangerKMSConfigurations(self, configurations, clusterData, services, hosts): + servicesList = [service["StackServices"]["service_name"] for service in services["services"]] + putRangerKmsDbksProperty = self.putProperty(configurations, "dbks-site", services) + putRangerKmsProperty = self.putProperty(configurations, "kms-properties", services) + + if 'kms-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['kms-properties']['properties']): + + rangerKmsDbFlavor = services['configurations']["kms-properties"]["properties"]["DB_FLAVOR"] + ranger_kms_sql_connector_dict = { + 'MYSQL': '/usr/share/java/mysql-connector-java.jar', + 'ORACLE': '/usr/share/java/ojdbc6.jar', + 'POSTGRES': '/usr/share/java/postgresql.jar', + 'MSSQL': '/usr/share/java/sqljdbc4.jar', + 'SQLA': '/path_to_driver/sqla-client-jdbc.tar.gz' + } + + rangerKmsSqlConnectorProperty = ranger_kms_sql_connector_dict.get(rangerKmsDbFlavor, ranger_kms_sql_connector_dict['MYSQL']) + putRangerKmsProperty('SQL_CONNECTOR_JAR', rangerKmsSqlConnectorProperty) + + if ('db_host' in services['configurations']['kms-properties']['properties']) and ('db_name' in services['configurations']['kms-properties']['properties']): + + rangerKmsDbHost = services['configurations']["kms-properties"]["properties"]["db_host"] + rangerKmsDbName = services['configurations']["kms-properties"]["properties"]["db_name"] + + ranger_kms_db_url_dict = { + 'MYSQL': {'ranger.ks.jpa.jdbc.driver': 'com.mysql.jdbc.Driver', 'ranger.ks.jpa.jdbc.url': 'jdbc:mysql://' + rangerKmsDbHost + '/' + rangerKmsDbName}, + 'ORACLE': {'ranger.ks.jpa.jdbc.driver': 'oracle.jdbc.driver.OracleDriver', 'ranger.ks.jpa.jdbc.url': 'jdbc:oracle:thin:@//' + rangerKmsDbHost}, + 'POSTGRES': {'ranger.ks.jpa.jdbc.driver': 'org.postgresql.Driver', 'ranger.ks.jpa.jdbc.url': 
'jdbc:postgresql://' + rangerKmsDbHost + '/' + rangerKmsDbName}, + 'MSSQL': {'ranger.ks.jpa.jdbc.driver': 'com.microsoft.sqlserver.jdbc.SQLServerDriver', 'ranger.ks.jpa.jdbc.url': 'jdbc:sqlserver://' + rangerKmsDbHost + ';databaseName=' + rangerKmsDbName}, + 'SQLA': {'ranger.ks.jpa.jdbc.driver': 'sap.jdbc4.sqlanywhere.IDriver', 'ranger.ks.jpa.jdbc.url': 'jdbc:sqlanywhere:host=' + rangerKmsDbHost + ';database=' + rangerKmsDbName} + } + + rangerKmsDbProperties = ranger_kms_db_url_dict.get(rangerKmsDbFlavor, ranger_kms_db_url_dict['MYSQL']) + for key in rangerKmsDbProperties: + putRangerKmsDbksProperty(key, rangerKmsDbProperties.get(key)) def recommendRangerConfigurations(self, configurations, clusterData, services, hosts): super(HDP23StackAdvisor, self).recommendRangerConfigurations(configurations, clusterData, services, hosts) http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog221Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog221Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog221Test.java index 49484c1..c14149f 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog221Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog221Test.java 
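Review bot: Both lookups in `recommendRangerKMSConfigurations` fall back to the MySQL entry (`.get(rangerKmsDbFlavor, ranger_kms_db_url_dict['MYSQL'])`), so a mistyped or lower-case `DB_FLAVOR` silently gets a MySQL driver, URL and connector jar recommended; `UpgradeCatalog221.updateRangerKmsDbksConfigs` in this commit matches case-insensitively and has no default, so the two paths disagree. Normalise with `rangerKmsDbFlavor.upper()` and recommend nothing when the key is absent from the table. `servicesList` is assigned and never read. The SQLA URL is `host=...;database=...` here but `database=...;host=...` in the Java upgrade code; pick one form for both.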
@@ -138,11 +138,13 @@ public class UpgradeCatalog221Test { Method addNewConfigurationsFromXml = AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml"); Method updateAlerts = UpgradeCatalog221.class.getDeclaredMethod("updateAlerts"); Method updateOozieConfigs = UpgradeCatalog221.class.getDeclaredMethod("updateOozieConfigs"); + Method updateRangerKmsDbksConfigs = UpgradeCatalog221.class.getDeclaredMethod("updateRangerKmsDbksConfigs"); UpgradeCatalog221 upgradeCatalog221 = createMockBuilder(UpgradeCatalog221.class) .addMockedMethod(addNewConfigurationsFromXml) .addMockedMethod(updateAlerts) .addMockedMethod(updateOozieConfigs) + .addMockedMethod(updateRangerKmsDbksConfigs) .createMock(); upgradeCatalog221.addNewConfigurationsFromXml(); @@ -151,6 +153,8 @@ public class UpgradeCatalog221Test { expectLastCall().once(); upgradeCatalog221.updateOozieConfigs(); expectLastCall().once(); + upgradeCatalog221.updateRangerKmsDbksConfigs(); + expectLastCall().once(); replay(upgradeCatalog221); 
@@ -242,6 +246,46 @@ public class UpgradeCatalog221Test { } @Test + public void testUpdateRangerKmsDbksConfigs() throws Exception { + EasyMockSupport easyMockSupport = new EasyMockSupport(); + final AmbariManagementController mockAmbariManagementController = easyMockSupport.createNiceMock(AmbariManagementController.class); + final Clusters mockClusters = easyMockSupport.createStrictMock(Clusters.class); + final Cluster mockClusterExpected = easyMockSupport.createNiceMock(Cluster.class); + + final Map<String, String> propertiesRangerKmsDbConfigs = new HashMap<String, String>(); + propertiesRangerKmsDbConfigs.put("DB_FLAVOR", "MYSQL"); + propertiesRangerKmsDbConfigs.put("db_host", "localhost"); + propertiesRangerKmsDbConfigs.put("db_name", "testdb"); + + final Config mockrangerKmsDbConfigs = easyMockSupport.createNiceMock(Config.class); + + final Injector mockInjector = Guice.createInjector(new AbstractModule() { + @Override + protected void configure() { + bind(AmbariManagementController.class).toInstance(mockAmbariManagementController); + bind(Clusters.class).toInstance(mockClusters); + bind(EntityManager.class).toInstance(entityManager); + + bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class)); + bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class)); + } + }); + + expect(mockAmbariManagementController.getClusters()).andReturn(mockClusters).once(); + expect(mockClusters.getClusters()).andReturn(new HashMap<String, Cluster>() {{ + put("normal", mockClusterExpected); + }}).atLeastOnce(); + + expect(mockClusterExpected.getDesiredConfigByType("kms-properties")).andReturn(mockrangerKmsDbConfigs).atLeastOnce(); + expect(mockrangerKmsDbConfigs.getProperties()).andReturn(propertiesRangerKmsDbConfigs).times(3); + + easyMockSupport.replayAll(); + mockInjector.getInstance(UpgradeCatalog221.class).updateRangerKmsDbksConfigs(); + easyMockSupport.verifyAll(); + + } + + @Test public void testUpdateAmsHbaseSiteConfigs() throws Exception { Map<String, 
String> clusterEnvProperties = new HashMap<String, String>(); http://git-wip-us.apache.org/repos/asf/ambari/blob/e310fdab/ambari-web/app/models/stack_service.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/models/stack_service.js b/ambari-web/app/models/stack_service.js index 5ab9e74..a7f5f4e 100644 --- a/ambari-web/app/models/stack_service.js +++ b/ambari-web/app/models/stack_service.js @@ -340,6 +340,11 @@ App.StackService.configCategories = function () { App.ServiceConfigCategory.create({ name: 'KnoxSSOSettings', displayName: 'Knox SSO Settings'}) ]); break; + case 'RANGER_KMS': + serviceConfigCategories.pushObjects([ + App.ServiceConfigCategory.create({ name: 'RANGER_KMS_SERVER', displayName: 'Ranger KMS Server', showHost: true}) + ]); + break; case 'ACCUMULO': serviceConfigCategories.pushObjects([ App.ServiceConfigCategory.create({ name: 'General', displayName: 'General'})
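Review bot: `testUpdateRangerKmsDbksConfigs` (the hunk at `@@ -242,6 +246,46 @@`) asserts nothing about the values the upgrade writes. It passes as soon as `getProperties()` has been called exactly three times, which pins the implementation's call count rather than its result. Because `mockClusterExpected` is a nice mock, a wrong driver class or JDBC URL derived from the `MYSQL`/`localhost`/`testdb` input would go unnoticed. I would relax the expectation to `.anyTimes()` and capture the property map passed to the config update, then assert the expected driver and URL entries (presumably the `ranger.ks.jpa.jdbc.*` keys). The update call itself lives in `UpgradeCatalog221.java`, outside this hunk, so the capture point needs to be confirmed there.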