http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/service_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/service_advisor.py b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/service_advisor.py deleted file mode 100644 index 875fa30..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/service_advisor.py +++ /dev/null @@ -1,793 +0,0 @@ -#!/usr/bin/env ambari-python-wrap -""" -Licensed to the Apache Software Foundation (ASF) under one -or more contributor license agreements. See the NOTICE file -distributed with this work for additional information -regarding copyright ownership. The ASF licenses this file -to you under the Apache License, Version 2.0 (the -"License"); you may not use this file except in compliance -with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -""" - -# Python imports -import imp -import os -import traceback -import re -import socket -import fnmatch - - -from resource_management.core.logger import Logger - -SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) -STACKS_DIR = os.path.join(SCRIPT_DIR, '../../../stacks/') -PARENT_FILE = os.path.join(STACKS_DIR, 'service_advisor.py') - -try: - with open(PARENT_FILE, 'rb') as fp: - service_advisor = imp.load_module('service_advisor', fp, PARENT_FILE, ('.py', 'rb', imp.PY_SOURCE)) -except Exception as e: - traceback.print_exc() - print "Failed to load parent" - -DB_TYPE_DEFAULT_PORT_MAP = {"MYSQL":"3306", "ORACLE":"1521", "POSTGRES":"5432", "MSSQL":"1433", "SQLA":"2638"} - -class RangerServiceAdvisor(service_advisor.ServiceAdvisor): - - def __init__(self, *args, **kwargs): - self.as_super = super(RangerServiceAdvisor, self) - self.as_super.__init__(*args, **kwargs) - - # Always call these methods - self.modifyMastersWithMultipleInstances() - self.modifyCardinalitiesDict() - self.modifyHeapSizeProperties() - self.modifyNotValuableComponents() - self.modifyComponentsNotPreferableOnServer() - self.modifyComponentLayoutSchemes() - - def modifyMastersWithMultipleInstances(self): - """ - Modify the set of masters with multiple instances. - Must be overriden in child class. - """ - # Nothing to do - pass - - def modifyCardinalitiesDict(self): - """ - Modify the dictionary of cardinalities. - Must be overriden in child class. - """ - # Nothing to do - pass - - def modifyHeapSizeProperties(self): - """ - Modify the dictionary of heap size properties. - Must be overriden in child class. - """ - pass - - def modifyNotValuableComponents(self): - """ - Modify the set of components whose host assignment is based on other services. - Must be overriden in child class. - """ - # Nothing to do - pass - - def modifyComponentsNotPreferableOnServer(self): - """ - Modify the set of components that are not preferable on the server. - Must be overriden in child class. - """ - # Nothing to do - pass - - def modifyComponentLayoutSchemes(self): - """ - Modify layout scheme dictionaries for components. - The scheme dictionary basically maps the number of hosts to - host index where component should exist. - Must be overriden in child class. - """ - # Nothing to do - pass - - def getServiceComponentLayoutValidations(self, services, hosts): - """ - Get a list of errors. - Must be overriden in child class. - """ - - return [] - - def getServiceConfigurationRecommendations(self, configurations, clusterData, services, hosts): - """ - Entry point. - Must be overriden in child class. - """ - #Logger.info("Class: %s, Method: %s. Recommending Service Configurations." % - # (self.__class__.__name__, inspect.stack()[0][3])) - - recommender = RangerRecommender() - recommender.recommendRangerConfigurationsFromHDP206(configurations, clusterData, services, hosts) - recommender.recommendRangerConfigurationsFromHDP22(configurations, clusterData, services, hosts) - recommender.recommendRangerConfigurationsFromHDP23(configurations, clusterData, services, hosts) - recommender.recommendRangerConfigurationsFromHDP25(configurations, clusterData, services, hosts) - recommender.recommendRangerConfigurationsFromHDP26(configurations, clusterData, services, hosts) - - - - def getServiceConfigurationsValidationItems(self, configurations, recommendedDefaults, services, hosts): - """ - Entry point. - Validate configurations for the service. Return a list of errors. - The code for this function should be the same for each Service Advisor. - """ - #Logger.info("Class: %s, Method: %s. Validating Configurations." % - # (self.__class__.__name__, inspect.stack()[0][3])) - - validator = RangerValidator() - # Calls the methods of the validator using arguments, - # method(siteProperties, siteRecommendations, configurations, services, hosts) - return validator.validateListOfConfigUsingMethod(configurations, recommendedDefaults, services, hosts, validator.validators) - - - -class RangerRecommender(service_advisor.ServiceAdvisor): - """ - Ranger Recommender suggests properties when adding the service for the first time or modifying configs via the UI. - """ - - def __init__(self, *args, **kwargs): - self.as_super = super(RangerRecommender, self) - self.as_super.__init__(*args, **kwargs) - - def recommendRangerConfigurationsFromHDP206(self, configurations, clusterData, services, hosts): - - putRangerAdminProperty = self.putProperty(configurations, "admin-properties", services) - - # Build policymgr_external_url - protocol = 'http' - ranger_admin_host = 'localhost' - port = '6080' - - # Check if http is disabled. For HDP-2.3 this can be checked in ranger-admin-site/ranger.service.http.enabled - # For Ranger-0.4.0 this can be checked in ranger-site/http.enabled - if ('ranger-site' in services['configurations'] and 'http.enabled' in services['configurations']['ranger-site']['properties'] \ - and services['configurations']['ranger-site']['properties']['http.enabled'].lower() == 'false') or \ - ('ranger-admin-site' in services['configurations'] and 'ranger.service.http.enabled' in services['configurations']['ranger-admin-site']['properties'] \ - and services['configurations']['ranger-admin-site']['properties']['ranger.service.http.enabled'].lower() == 'false'): - # HTTPS protocol is used - protocol = 'https' - # Starting Ranger-0.5.0.2.3 port stored in ranger-admin-site ranger.service.https.port - if 'ranger-admin-site' in services['configurations'] and \ - 'ranger.service.https.port' in services['configurations']['ranger-admin-site']['properties']: - port = services['configurations']['ranger-admin-site']['properties']['ranger.service.https.port'] - # In Ranger-0.4.0 port stored in ranger-site https.service.port - elif 'ranger-site' in services['configurations'] and \ - 'https.service.port' in services['configurations']['ranger-site']['properties']: - port = services['configurations']['ranger-site']['properties']['https.service.port'] - else: - # HTTP protocol is used - # Starting Ranger-0.5.0.2.3 port stored in ranger-admin-site ranger.service.http.port - if 'ranger-admin-site' in services['configurations'] and \ - 'ranger.service.http.port' in services['configurations']['ranger-admin-site']['properties']: - port = services['configurations']['ranger-admin-site']['properties']['ranger.service.http.port'] - # In Ranger-0.4.0 port stored in ranger-site http.service.port - elif 'ranger-site' in services['configurations'] and \ - 'http.service.port' in services['configurations']['ranger-site']['properties']: - port = services['configurations']['ranger-site']['properties']['http.service.port'] - - ranger_admin_hosts = self.getComponentHostNames(services, "RANGER", "RANGER_ADMIN") - if ranger_admin_hosts: - if len(ranger_admin_hosts) > 1 \ - and services['configurations'] \ - and 'admin-properties' in services['configurations'] and 'policymgr_external_url' in services['configurations']['admin-properties']['properties'] \ - and services['configurations']['admin-properties']['properties']['policymgr_external_url'] \ - and services['configurations']['admin-properties']['properties']['policymgr_external_url'].strip(): - - # in case of HA deployment keep the policymgr_external_url specified in the config - policymgr_external_url = services['configurations']['admin-properties']['properties']['policymgr_external_url'] - else: - - ranger_admin_host = ranger_admin_hosts[0] - policymgr_external_url = "%s://%s:%s" % (protocol, ranger_admin_host, port) - - putRangerAdminProperty('policymgr_external_url', policymgr_external_url) - - rangerServiceVersion = [service['StackServices']['service_version'] for service in services["services"] if service['StackServices']['service_name'] == 'RANGER'][0] - if rangerServiceVersion == '0.4.0': - # Recommend ldap settings based on ambari.properties configuration - # If 'ambari.ldap.isConfigured' == true - # For Ranger version 0.4.0 - if 'ambari-server-properties' in services and \ - 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \ - services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true": - putUserSyncProperty = self.putProperty(configurations, "usersync-properties", services) - serverProperties = services['ambari-server-properties'] - if 'authentication.ldap.managerDn' in serverProperties: - putUserSyncProperty('SYNC_LDAP_BIND_DN', serverProperties['authentication.ldap.managerDn']) - if 'authentication.ldap.primaryUrl' in serverProperties: - ldap_protocol = 'ldap://' - if 'authentication.ldap.useSSL' in serverProperties and serverProperties['authentication.ldap.useSSL'] == 'true': - ldap_protocol = 'ldaps://' - ldapUrl = ldap_protocol + serverProperties['authentication.ldap.primaryUrl'] if serverProperties['authentication.ldap.primaryUrl'] else serverProperties['authentication.ldap.primaryUrl'] - putUserSyncProperty('SYNC_LDAP_URL', ldapUrl) - if 'authentication.ldap.userObjectClass' in serverProperties: - putUserSyncProperty('SYNC_LDAP_USER_OBJECT_CLASS', serverProperties['authentication.ldap.userObjectClass']) - if 'authentication.ldap.usernameAttribute' in serverProperties: - putUserSyncProperty('SYNC_LDAP_USER_NAME_ATTRIBUTE', serverProperties['authentication.ldap.usernameAttribute']) - - - # Set Ranger Admin Authentication method - if 'admin-properties' in services['configurations'] and 'usersync-properties' in services['configurations'] and \ - 'SYNC_SOURCE' in services['configurations']['usersync-properties']['properties']: - rangerUserSyncSource = services['configurations']['usersync-properties']['properties']['SYNC_SOURCE'] - authenticationMethod = rangerUserSyncSource.upper() - if authenticationMethod != 'FILE': - putRangerAdminProperty('authentication_method', authenticationMethod) - - # Recommend xasecure.audit.destination.hdfs.dir - # For Ranger version 0.4.0 - servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services) - include_hdfs = "HDFS" in servicesList - if include_hdfs: - if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']): - default_fs = services['configurations']['core-site']['properties']['fs.defaultFS'] - default_fs += '/ranger/audit/%app-type%/%time:yyyyMMdd%' - putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', default_fs) - - # Recommend Ranger Audit properties for ranger supported services - # For Ranger version 0.4.0 - ranger_services = [ - {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-plugin-properties'}, - {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-plugin-properties'}, - {'service_name': 'HIVE', 'audit_file': 'ranger-hive-plugin-properties'}, - {'service_name': 'KNOX', 'audit_file': 'ranger-knox-plugin-properties'}, - {'service_name': 'STORM', 'audit_file': 'ranger-storm-plugin-properties'} - ] - - for item in range(len(ranger_services)): - if ranger_services[item]['service_name'] in servicesList: - component_audit_file = ranger_services[item]['audit_file'] - if component_audit_file in services["configurations"]: - ranger_audit_dict = [ - {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.db', 'target_configname': 'XAAUDIT.DB.IS_ENABLED'}, - {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs', 'target_configname': 'XAAUDIT.HDFS.IS_ENABLED'}, - {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs.dir', 'target_configname': 'XAAUDIT.HDFS.DESTINATION_DIRECTORY'} - ] - putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services) - - for item in ranger_audit_dict: - if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]: - if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]: - rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']] - else: - rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']] - putRangerAuditProperty(item['target_configname'], rangerAuditProperty) - - - - - def recommendRangerConfigurationsFromHDP22(self, configurations, clusterData, services, hosts): - putRangerEnvProperty = self.putProperty(configurations, "ranger-env") - cluster_env = self.getServicesSiteProperties(services, "cluster-env") - security_enabled = cluster_env is not None and "security_enabled" in cluster_env and \ - cluster_env["security_enabled"].lower() == "true" - if "ranger-env" in configurations and not security_enabled: - putRangerEnvProperty("ranger-storm-plugin-enabled", "No") - - def getDBConnectionHostPort(self, db_type, db_host): - connection_string = "" - if db_type is None or db_type == "": - return connection_string - else: - colon_count = db_host.count(':') - if colon_count == 0: - if DB_TYPE_DEFAULT_PORT_MAP.has_key(db_type): - connection_string = db_host + ":" + DB_TYPE_DEFAULT_PORT_MAP[db_type] - else: - connection_string = db_host - elif colon_count == 1: - connection_string = db_host - elif colon_count == 2: - connection_string = db_host - - return connection_string - - - def getOracleDBConnectionHostPort(self, db_type, db_host, rangerDbName): - connection_string = self.getDBConnectionHostPort(db_type, db_host) - colon_count = db_host.count(':') - if colon_count == 1 and '/' in db_host: - connection_string = "//" + connection_string - elif colon_count == 0 or colon_count == 1: - connection_string = "//" + connection_string + "/" + rangerDbName if rangerDbName else "//" + connection_string - - return connection_string - - def recommendRangerUrlConfigurations(self, configurations, services, requiredServices): - servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - - policymgr_external_url = "" - if 'admin-properties' in services['configurations'] and 'policymgr_external_url' in services['configurations']['admin-properties']['properties']: - if 'admin-properties' in configurations and 'policymgr_external_url' in configurations['admin-properties']['properties']: - policymgr_external_url = configurations['admin-properties']['properties']['policymgr_external_url'] - else: - policymgr_external_url = services['configurations']['admin-properties']['properties']['policymgr_external_url'] - - for index in range(len(requiredServices)): - if requiredServices[index]['service_name'] in servicesList: - component_config_type = requiredServices[index]['config_type'] - component_name = requiredServices[index]['service_name'] - component_config_property = 'ranger.plugin.{0}.policy.rest.url'.format(component_name.lower()) - if requiredServices[index]['service_name'] == 'RANGER_KMS': - component_config_property = 'ranger.plugin.kms.policy.rest.url' - putRangerSecurityProperty = self.putProperty(configurations, component_config_type, services) - if component_config_type in services["configurations"] and component_config_property in services["configurations"][component_config_type]["properties"]: - putRangerSecurityProperty(component_config_property, policymgr_external_url) - - def recommendRangerConfigurationsFromHDP23(self, configurations, clusterData, services, hosts): - servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services) - putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services) - putRangerUgsyncSite = self.putProperty(configurations, "ranger-ugsync-site", services) - - if 'admin-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['admin-properties']['properties'])\ - and ('db_host' in services['configurations']['admin-properties']['properties']) and ('db_name' in services['configurations']['admin-properties']['properties']): - - rangerDbFlavor = services['configurations']["admin-properties"]["properties"]["DB_FLAVOR"] - rangerDbHost = services['configurations']["admin-properties"]["properties"]["db_host"] - rangerDbName = services['configurations']["admin-properties"]["properties"]["db_name"] - ranger_db_url_dict = { - 'MYSQL': {'ranger.jpa.jdbc.driver': 'com.mysql.jdbc.Driver', - 'ranger.jpa.jdbc.url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + '/' + rangerDbName}, - 'ORACLE': {'ranger.jpa.jdbc.driver': 'oracle.jdbc.driver.OracleDriver', - 'ranger.jpa.jdbc.url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerDbFlavor, rangerDbHost, rangerDbName)}, - 'POSTGRES': {'ranger.jpa.jdbc.driver': 'org.postgresql.Driver', - 'ranger.jpa.jdbc.url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + '/' + rangerDbName}, - 'MSSQL': {'ranger.jpa.jdbc.driver': 'com.microsoft.sqlserver.jdbc.SQLServerDriver', - 'ranger.jpa.jdbc.url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';databaseName=' + rangerDbName}, - 'SQLA': {'ranger.jpa.jdbc.driver': 'sap.jdbc4.sqlanywhere.IDriver', - 'ranger.jpa.jdbc.url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';database=' + rangerDbName} - } - rangerDbProperties = ranger_db_url_dict.get(rangerDbFlavor, ranger_db_url_dict['MYSQL']) - for key in rangerDbProperties: - putRangerAdminProperty(key, rangerDbProperties.get(key)) - - if 'admin-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['admin-properties']['properties']) \ - and ('db_host' in services['configurations']['admin-properties']['properties']): - - rangerDbFlavor = services['configurations']["admin-properties"]["properties"]["DB_FLAVOR"] - rangerDbHost = services['configurations']["admin-properties"]["properties"]["db_host"] - ranger_db_privelege_url_dict = { - 'MYSQL': {'ranger_privelege_user_jdbc_url': 'jdbc:mysql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost)}, - 'ORACLE': {'ranger_privelege_user_jdbc_url': 'jdbc:oracle:thin:@' + self.getOracleDBConnectionHostPort(rangerDbFlavor, rangerDbHost, None)}, - 'POSTGRES': {'ranger_privelege_user_jdbc_url': 'jdbc:postgresql://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + '/postgres'}, - 'MSSQL': {'ranger_privelege_user_jdbc_url': 'jdbc:sqlserver://' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';'}, - 'SQLA': {'ranger_privelege_user_jdbc_url': 'jdbc:sqlanywhere:host=' + self.getDBConnectionHostPort(rangerDbFlavor, rangerDbHost) + ';'} - } - rangerPrivelegeDbProperties = ranger_db_privelege_url_dict.get(rangerDbFlavor, ranger_db_privelege_url_dict['MYSQL']) - for key in rangerPrivelegeDbProperties: - putRangerEnvProperty(key, rangerPrivelegeDbProperties.get(key)) - - # Recommend ldap settings based on ambari.properties configuration - if 'ambari-server-properties' in services and \ - 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \ - services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true": - serverProperties = services['ambari-server-properties'] - if 'authentication.ldap.baseDn' in serverProperties: - putRangerUgsyncSite('ranger.usersync.ldap.searchBase', serverProperties['authentication.ldap.baseDn']) - if 'authentication.ldap.groupMembershipAttr' in serverProperties: - putRangerUgsyncSite('ranger.usersync.group.memberattributename', serverProperties['authentication.ldap.groupMembershipAttr']) - if 'authentication.ldap.groupNamingAttr' in serverProperties: - putRangerUgsyncSite('ranger.usersync.group.nameattribute', serverProperties['authentication.ldap.groupNamingAttr']) - if 'authentication.ldap.groupObjectClass' in serverProperties: - putRangerUgsyncSite('ranger.usersync.group.objectclass', serverProperties['authentication.ldap.groupObjectClass']) - if 'authentication.ldap.managerDn' in serverProperties: - putRangerUgsyncSite('ranger.usersync.ldap.binddn', serverProperties['authentication.ldap.managerDn']) - if 'authentication.ldap.primaryUrl' in serverProperties: - ldap_protocol = 'ldap://' - if 'authentication.ldap.useSSL' in serverProperties and serverProperties['authentication.ldap.useSSL'] == 'true': - ldap_protocol = 'ldaps://' - ldapUrl = ldap_protocol + serverProperties['authentication.ldap.primaryUrl'] if serverProperties['authentication.ldap.primaryUrl'] else serverProperties['authentication.ldap.primaryUrl'] - putRangerUgsyncSite('ranger.usersync.ldap.url', ldapUrl) - if 'authentication.ldap.userObjectClass' in serverProperties: - putRangerUgsyncSite('ranger.usersync.ldap.user.objectclass', serverProperties['authentication.ldap.userObjectClass']) - if 'authentication.ldap.usernameAttribute' in serverProperties: - putRangerUgsyncSite('ranger.usersync.ldap.user.nameattribute', serverProperties['authentication.ldap.usernameAttribute']) - - - # Recommend Ranger Authentication method - authMap = { - 'org.apache.ranger.unixusersync.process.UnixUserGroupBuilder': 'UNIX', - 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder': 'LDAP' - } - - if 'ranger-ugsync-site' in services['configurations'] and 'ranger.usersync.source.impl.class' in services['configurations']["ranger-ugsync-site"]["properties"]: - rangerUserSyncClass = services['configurations']["ranger-ugsync-site"]["properties"]["ranger.usersync.source.impl.class"] - if rangerUserSyncClass in authMap: - rangerSqlConnectorProperty = authMap.get(rangerUserSyncClass) - putRangerAdminProperty('ranger.authentication.method', rangerSqlConnectorProperty) - - - if 'ranger-env' in services['configurations'] and 'is_solrCloud_enabled' in services['configurations']["ranger-env"]["properties"]: - isSolrCloudEnabled = services['configurations']["ranger-env"]["properties"]["is_solrCloud_enabled"] == "true" - else: - isSolrCloudEnabled = False - - if isSolrCloudEnabled: - zookeeper_host_port = self.getZKHostPortString(services) - ranger_audit_zk_port = '' - if zookeeper_host_port: - ranger_audit_zk_port = '{0}/{1}'.format(zookeeper_host_port, 'ranger_audits') - putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port) - else: - putRangerAdminProperty('ranger.audit.solr.zookeepers', 'NONE') - - # Recommend ranger.audit.solr.zookeepers and xasecure.audit.destination.hdfs.dir - include_hdfs = "HDFS" in servicesList - if include_hdfs: - if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']): - default_fs = services['configurations']['core-site']['properties']['fs.defaultFS'] - putRangerEnvProperty('xasecure.audit.destination.hdfs.dir', '{0}/{1}/{2}'.format(default_fs,'ranger','audit')) - - # Recommend Ranger supported service's audit properties - ranger_services = [ - {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'}, - {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'}, - {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-audit'}, - {'service_name': 'HIVE', 'audit_file': 'ranger-hive-audit'}, - {'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'}, - {'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'}, - {'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'} - ] - - for item in range(len(ranger_services)): - if ranger_services[item]['service_name'] in servicesList: - component_audit_file = ranger_services[item]['audit_file'] - if component_audit_file in services["configurations"]: - ranger_audit_dict = [ - {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.db', 'target_configname': 'xasecure.audit.destination.db'}, - {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs', 'target_configname': 'xasecure.audit.destination.hdfs'}, - {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.hdfs.dir', 'target_configname': 'xasecure.audit.destination.hdfs.dir'}, - {'filename': 'ranger-env', 'configname': 'xasecure.audit.destination.solr', 'target_configname': 'xasecure.audit.destination.solr'}, - {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.urls', 'target_configname': 'xasecure.audit.destination.solr.urls'}, - {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.zookeepers', 'target_configname': 'xasecure.audit.destination.solr.zookeepers'} - ] - putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services) - - for item in ranger_audit_dict: - if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]: - if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]: - rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']] - else: - rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']] - putRangerAuditProperty(item['target_configname'], rangerAuditProperty) - - audit_solr_flag = 'false' - audit_db_flag = 'false' - ranger_audit_source_type = 'solr' - if 'ranger-env' in services['configurations'] and 'xasecure.audit.destination.solr' in services['configurations']["ranger-env"]["properties"]: - audit_solr_flag = services['configurations']["ranger-env"]["properties"]['xasecure.audit.destination.solr'] - if 'ranger-env' in services['configurations'] and 'xasecure.audit.destination.db' in services['configurations']["ranger-env"]["properties"]: - audit_db_flag = services['configurations']["ranger-env"]["properties"]['xasecure.audit.destination.db'] - - if audit_db_flag == 'true' and audit_solr_flag == 'false': - ranger_audit_source_type = 'db' - putRangerAdminProperty('ranger.audit.source.type',ranger_audit_source_type) - - knox_host = 'localhost' - knox_port = '8443' - if 'KNOX' in servicesList: - knox_hosts = self.getComponentHostNames(services, "KNOX", "KNOX_GATEWAY") - if len(knox_hosts) > 0: - knox_hosts.sort() - knox_host = knox_hosts[0] - if 'gateway-site' in services['configurations'] and 'gateway.port' in services['configurations']["gateway-site"]["properties"]: - knox_port = services['configurations']["gateway-site"]["properties"]['gateway.port'] - putRangerAdminProperty('ranger.sso.providerurl', 'https://{0}:{1}/gateway/knoxsso/api/v1/websso'.format(knox_host, knox_port)) - - required_services = [ - {'service_name': 'HDFS', 'config_type': 'ranger-hdfs-security'}, - {'service_name': 'YARN', 'config_type': 'ranger-yarn-security'}, - {'service_name': 'HBASE', 'config_type': 'ranger-hbase-security'}, - {'service_name': 'HIVE', 'config_type': 'ranger-hive-security'}, - {'service_name': 'KNOX', 'config_type': 'ranger-knox-security'}, - {'service_name': 'KAFKA', 'config_type': 'ranger-kafka-security'}, - {'service_name': 'RANGER_KMS','config_type': 'ranger-kms-security'}, - {'service_name': 'STORM', 'config_type': 'ranger-storm-security'} - ] - - # recommendation for ranger url for ranger-supported plugins - self.recommendRangerUrlConfigurations(configurations, services, required_services) - - - def recommendRangerConfigurationsFromHDP25(self, configurations, clusterData, services, hosts): - servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - has_ranger_tagsync = False - - putTagsyncAppProperty = self.putProperty(configurations, "tagsync-application-properties", services) - putTagsyncSiteProperty = self.putProperty(configurations, "ranger-tagsync-site", services) - putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services) - putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services) - - application_properties = self.getServicesSiteProperties(services, "application-properties") - - ranger_tagsync_host = self.getHostsForComponent(services, "RANGER", "RANGER_TAGSYNC") - has_ranger_tagsync = len(ranger_tagsync_host) > 0 - - if 'ATLAS' in servicesList and has_ranger_tagsync: - atlas_hosts = self.getHostNamesWithComponent("ATLAS", "ATLAS_SERVER", services) - atlas_host = 'localhost' if len(atlas_hosts) == 0 else atlas_hosts[0] - protocol = 'http' - atlas_port = '21000' - - if application_properties and 'atlas.enableTLS' in application_properties and application_properties['atlas.enableTLS'].lower() == 'true': - protocol = 'https' - if 'atlas.server.https.port' in application_properties: - atlas_port = application_properties['atlas.server.https.port'] - else: - protocol = 'http' - if application_properties and 'atlas.server.http.port' in application_properties: - atlas_port = application_properties['atlas.server.http.port'] - - atlas_rest_endpoint = '{0}://{1}:{2}'.format(protocol, atlas_host, atlas_port) - - putTagsyncSiteProperty('ranger.tagsync.source.atlas', 'true') - putTagsyncSiteProperty('ranger.tagsync.source.atlasrest.endpoint', atlas_rest_endpoint) - - zookeeper_host_port = self.getZKHostPortString(services) - if zookeeper_host_port and has_ranger_tagsync: - putTagsyncAppProperty('atlas.kafka.zookeeper.connect', zookeeper_host_port) - - if 'KAFKA' in servicesList and has_ranger_tagsync: - kafka_hosts = self.getHostNamesWithComponent("KAFKA", "KAFKA_BROKER", services) - kafka_port = '6667' - if 'kafka-broker' in services['configurations'] and ( - 'port' in services['configurations']['kafka-broker']['properties']): - kafka_port = services['configurations']['kafka-broker']['properties']['port'] - kafka_host_port = [] - for i in range(len(kafka_hosts)): - kafka_host_port.append(kafka_hosts[i] + ':' + kafka_port) - - final_kafka_host = ",".join(kafka_host_port) - putTagsyncAppProperty('atlas.kafka.bootstrap.servers', final_kafka_host) - - is_solr_cloud_enabled = False - if 'ranger-env' in services['configurations'] and 'is_solrCloud_enabled' in services['configurations']['ranger-env']['properties']: - is_solr_cloud_enabled = services['configurations']['ranger-env']['properties']['is_solrCloud_enabled'] == 'true' - - is_external_solr_cloud_enabled = False - if 'ranger-env' in services['configurations'] and 'is_external_solrCloud_enabled' in services['configurations']['ranger-env']['properties']: - is_external_solr_cloud_enabled = services['configurations']['ranger-env']['properties']['is_external_solrCloud_enabled'] == 'true' - - ranger_audit_zk_port = '' - - if 'AMBARI_INFRA' in servicesList and zookeeper_host_port and is_solr_cloud_enabled and not is_external_solr_cloud_enabled: - zookeeper_host_port = zookeeper_host_port.split(',') - zookeeper_host_port.sort() - zookeeper_host_port = ",".join(zookeeper_host_port) - infra_solr_znode = '/infra-solr' - - if 'infra-solr-env' in services['configurations'] and \ - ('infra_solr_znode' in services['configurations']['infra-solr-env']['properties']): - infra_solr_znode = services['configurations']['infra-solr-env']['properties']['infra_solr_znode'] - ranger_audit_zk_port = '{0}{1}'.format(zookeeper_host_port, infra_solr_znode) - putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port) - elif zookeeper_host_port and is_solr_cloud_enabled and is_external_solr_cloud_enabled: - ranger_audit_zk_port = '{0}/{1}'.format(zookeeper_host_port, 'ranger_audits') - putRangerAdminProperty('ranger.audit.solr.zookeepers', ranger_audit_zk_port) - else: - putRangerAdminProperty('ranger.audit.solr.zookeepers', 'NONE') - - ranger_services = [ - {'service_name': 'HDFS', 'audit_file': 'ranger-hdfs-audit'}, - {'service_name': 'YARN', 'audit_file': 'ranger-yarn-audit'}, - {'service_name': 'HBASE', 'audit_file': 'ranger-hbase-audit'}, - {'service_name': 'HIVE', 'audit_file': 'ranger-hive-audit'}, - {'service_name': 'KNOX', 'audit_file': 'ranger-knox-audit'}, - {'service_name': 'KAFKA', 'audit_file': 'ranger-kafka-audit'}, - {'service_name': 'STORM', 'audit_file': 'ranger-storm-audit'}, - {'service_name': 'RANGER_KMS', 'audit_file': 'ranger-kms-audit'}, - {'service_name': 'ATLAS', 'audit_file': 'ranger-atlas-audit'} - ] - - for item in range(len(ranger_services)): - if ranger_services[item]['service_name'] in servicesList: - component_audit_file = ranger_services[item]['audit_file'] - if component_audit_file in services["configurations"]: - ranger_audit_dict = [ - {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.urls', 'target_configname': 'xasecure.audit.destination.solr.urls'}, - {'filename': 'ranger-admin-site', 'configname': 'ranger.audit.solr.zookeepers', 'target_configname': 'xasecure.audit.destination.solr.zookeepers'} - ] - putRangerAuditProperty = self.putProperty(configurations, component_audit_file, services) - - for item in ranger_audit_dict: - if item['filename'] in services["configurations"] and item['configname'] in services["configurations"][item['filename']]["properties"]: - if item['filename'] in configurations and item['configname'] in configurations[item['filename']]["properties"]: - rangerAuditProperty = configurations[item['filename']]["properties"][item['configname']] - else: - rangerAuditProperty = services["configurations"][item['filename']]["properties"][item['configname']] - putRangerAuditProperty(item['target_configname'], rangerAuditProperty) - - if "HDFS" in servicesList: - hdfs_user = None - if "hadoop-env" in services["configurations"] and "hdfs_user" in services["configurations"]["hadoop-env"]["properties"]: - hdfs_user = services["configurations"]["hadoop-env"]["properties"]["hdfs_user"] - putRangerAdminProperty('ranger.kms.service.user.hdfs', hdfs_user) - - if "HIVE" in servicesList: - hive_user = None - if "hive-env" in services["configurations"] and "hive_user" in services["configurations"]["hive-env"]["properties"]: - hive_user = services["configurations"]["hive-env"]["properties"]["hive_user"] - putRangerAdminProperty('ranger.kms.service.user.hive', hive_user) - - ranger_plugins_serviceuser = [ - {'service_name': 'HDFS', 'file_name': 'hadoop-env', 'config_name': 'hdfs_user', 'target_configname': 'ranger.plugins.hdfs.serviceuser'}, - {'service_name': 'HIVE', 'file_name': 'hive-env', 'config_name': 'hive_user', 'target_configname': 'ranger.plugins.hive.serviceuser'}, - {'service_name': 'YARN', 'file_name': 'yarn-env', 'config_name': 'yarn_user', 'target_configname': 'ranger.plugins.yarn.serviceuser'}, - {'service_name': 'HBASE', 'file_name': 'hbase-env', 'config_name': 'hbase_user', 'target_configname': 'ranger.plugins.hbase.serviceuser'}, - {'service_name': 'KNOX', 'file_name': 'knox-env', 'config_name': 'knox_user', 'target_configname': 'ranger.plugins.knox.serviceuser'}, - {'service_name': 'STORM', 'file_name': 'storm-env', 'config_name': 'storm_user', 'target_configname': 'ranger.plugins.storm.serviceuser'}, - {'service_name': 'KAFKA', 'file_name': 'kafka-env', 'config_name': 'kafka_user', 'target_configname': 'ranger.plugins.kafka.serviceuser'}, - {'service_name': 'RANGER_KMS', 'file_name': 'kms-env', 'config_name': 'kms_user', 'target_configname': 'ranger.plugins.kms.serviceuser'}, - {'service_name': 'ATLAS', 'file_name': 'atlas-env', 'config_name': 'metadata_user', 'target_configname': 'ranger.plugins.atlas.serviceuser'} - ] - - for item in range(len(ranger_plugins_serviceuser)): - if ranger_plugins_serviceuser[item]['service_name'] in servicesList: - file_name = ranger_plugins_serviceuser[item]['file_name'] - config_name = ranger_plugins_serviceuser[item]['config_name'] - target_configname = ranger_plugins_serviceuser[item]['target_configname'] - if file_name in services["configurations"] and config_name in services["configurations"][file_name]["properties"]: - service_user = services["configurations"][file_name]["properties"][config_name] - putRangerAdminProperty(target_configname, service_user) - - if "ATLAS" in servicesList: - if "ranger-env" in services["configurations"]: - putAtlasRangerAuditProperty = self.putProperty(configurations, 'ranger-atlas-audit', services) - xasecure_audit_destination_hdfs = '' - xasecure_audit_destination_hdfs_dir = '' - xasecure_audit_destination_solr = '' - if 'xasecure.audit.destination.hdfs' in configurations['ranger-env']['properties']: - xasecure_audit_destination_hdfs = configurations['ranger-env']['properties']['xasecure.audit.destination.hdfs'] - else: - xasecure_audit_destination_hdfs = services['configurations']['ranger-env']['properties']['xasecure.audit.destination.hdfs'] - - if 'core-site' in services['configurations'] and ('fs.defaultFS' in services['configurations']['core-site']['properties']): - xasecure_audit_destination_hdfs_dir = '{0}/{1}/{2}'.format(services['configurations']['core-site']['properties']['fs.defaultFS'] ,'ranger','audit') - - if 'xasecure.audit.destination.solr' in configurations['ranger-env']['properties']: - xasecure_audit_destination_solr = configurations['ranger-env']['properties']['xasecure.audit.destination.solr'] - else: - xasecure_audit_destination_solr = services['configurations']['ranger-env']['properties']['xasecure.audit.destination.solr'] - - putAtlasRangerAuditProperty('xasecure.audit.destination.hdfs',xasecure_audit_destination_hdfs) - putAtlasRangerAuditProperty('xasecure.audit.destination.hdfs.dir',xasecure_audit_destination_hdfs_dir) - putAtlasRangerAuditProperty('xasecure.audit.destination.solr',xasecure_audit_destination_solr) - required_services = [ - {'service_name': 'ATLAS', 'config_type': 'ranger-atlas-security'} - ] - - # recommendation for ranger url for ranger-supported plugins - self.recommendRangerUrlConfigurations(configurations, services, required_services) - - - def recommendRangerConfigurationsFromHDP26(self, configurations, clusterData, services, hosts): - - putRangerUgsyncSite = self.putProperty(configurations, 'ranger-ugsync-site', services) - - delta_sync_enabled = False - if 'ranger-ugsync-site' in services['configurations'] and 'ranger.usersync.ldap.deltasync' in services['configurations']['ranger-ugsync-site']['properties']: - delta_sync_enabled = services['configurations']['ranger-ugsync-site']['properties']['ranger.usersync.ldap.deltasync'] == "true" - - if delta_sync_enabled: - putRangerUgsyncSite("ranger.usersync.group.searchenabled", "true") - else: - putRangerUgsyncSite("ranger.usersync.group.searchenabled", "false") - - - - - -class RangerValidator(service_advisor.ServiceAdvisor): - """ - Ranger Validator checks the correctness of properties whenever the service is first added or the user attempts to - change configs via the UI. - """ - - def __init__(self, *args, **kwargs): - self.as_super = super(RangerValidator, self) - self.as_super.__init__(*args, **kwargs) - - self.validators = [("ranger-env", self.validateRangerConfigurationsEnvFromHDP22), - ("admin-properties", self.validateRangerAdminConfigurationsFromHDP23), - ("ranger-env", self.validateRangerConfigurationsEnvFromHDP23), - ("ranger-tagsync-site", self.validateRangerTagsyncConfigurationsFromHDP25), - ("ranger-ugsync-site", self.validateRangerUsersyncConfigurationsFromHDP26)] - - - - def validateRangerConfigurationsEnvFromHDP22(self, properties, recommendedDefaults, configurations, services, hosts): - ranger_env_properties = properties - validationItems = [] - servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - if "ranger-storm-plugin-enabled" in ranger_env_properties and ranger_env_properties['ranger-storm-plugin-enabled'].lower() == 'yes' and not 'KERBEROS' in servicesList: - validationItems.append({"config-name": "ranger-storm-plugin-enabled", - "item": self.getWarnItem("Ranger Storm plugin should not be enabled in non-kerberos environment.")}) - return self.toConfigurationValidationProblems(validationItems, "ranger-env") - - def validateRangerAdminConfigurationsFromHDP23(self, properties, recommendedDefaults, configurations, services, hosts): - ranger_site = properties - validationItems = [] - servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - if 'RANGER' in servicesList and 'policymgr_external_url' in ranger_site: - policymgr_mgr_url = ranger_site['policymgr_external_url'] - if policymgr_mgr_url.endswith('/'): - validationItems.append({'config-name':'policymgr_external_url', - 'item':self.getWarnItem('Ranger External URL should not contain trailing slash "/"')}) - return self.toConfigurationValidationProblems(validationItems,'admin-properties') - - - def validateRangerConfigurationsEnvFromHDP23(self, properties, recommendedDefaults, configurations, services, hosts): - ranger_env_properties = properties - validationItems = [] - security_enabled = self.isSecurityEnabled(services) - - if "ranger-kafka-plugin-enabled" in ranger_env_properties and ranger_env_properties["ranger-kafka-plugin-enabled"].lower() == 'yes' and not security_enabled: - validationItems.append({"config-name": "ranger-kafka-plugin-enabled", - "item": self.getWarnItem( - "Ranger Kafka plugin should not be enabled in non-kerberos environment.")}) - - validationProblems = self.toConfigurationValidationProblems(validationItems, "ranger-env") - return validationProblems - - - def validateRangerTagsyncConfigurationsFromHDP25(self, properties, recommendedDefaults, configurations, services, hosts): - ranger_tagsync_properties = properties - validationItems = [] - servicesList = [service["StackServices"]["service_name"] for service in services["services"]] - - has_atlas = False - if "RANGER" in servicesList: - has_atlas = not "ATLAS" in servicesList - - if has_atlas and 'ranger.tagsync.source.atlas' in ranger_tagsync_properties and \ - ranger_tagsync_properties['ranger.tagsync.source.atlas'].lower() == 'true': - validationItems.append({"config-name": "ranger.tagsync.source.atlas", - "item": self.getWarnItem( - "Need to Install ATLAS service to set ranger.tagsync.source.atlas as true.")}) - - return self.toConfigurationValidationProblems(validationItems, "ranger-tagsync-site") - - def validateRangerUsersyncConfigurationsFromHDP26(self, properties, recommendedDefaults, configurations, services, hosts): - ranger_usersync_properties = properties - validationItems = [] - - delta_sync_enabled = 'ranger.usersync.ldap.deltasync' in ranger_usersync_properties \ - and ranger_usersync_properties['ranger.usersync.ldap.deltasync'].lower() == 'true' - group_sync_enabled = 'ranger.usersync.group.searchenabled' in ranger_usersync_properties \ - and ranger_usersync_properties['ranger.usersync.group.searchenabled'].lower() == 'true' - usersync_source_ldap_enabled = 'ranger.usersync.source.impl.class' in ranger_usersync_properties \ - and ranger_usersync_properties['ranger.usersync.source.impl.class'] == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder' - - if usersync_source_ldap_enabled and delta_sync_enabled and not group_sync_enabled: - validationItems.append({"config-name": "ranger.usersync.group.searchenabled", - "item": self.getWarnItem( - "Need to set ranger.usersync.group.searchenabled as true, as ranger.usersync.ldap.deltasync is enabled")}) - - return self.toConfigurationValidationProblems(validationItems, "ranger-ugsync-site") \ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/3dc51b0c/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json b/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json deleted file mode 100644 index e6724cd..0000000 --- a/ambari-server/src/main/resources/common-services/RANGER/0.7.0.3.0/themes/theme_version_1.json +++ /dev/null @@ -1,722 +0,0 @@ -{ - "name": "default", - "description": "Default theme for Ranger service", - "configuration": { - "layouts": [ - { - "name": "default", - "tabs": [ - { - "name": "ranger_admin_settings", - "display-name": "Ranger Admin", - "layout": { - "tab-columns": "2", - "tab-rows": "2", - "sections": [ - { - "name": "section-ranger-admin", - "display-name": "Ranger Admin", - "row-index": "0", - "column-index": "0", - "row-span": "3", - "column-span": "2", - "section-columns": "2", - "section-rows": "3", - "subsections": [ - { - "name": "subsection-ranger-db-row1-col1", - "row-index": "0", - "column-index": "0", - "row-span": "1", - "column-span": "1" - }, - { - "name": "subsection-ranger-db-row1-col2", - "row-index": "0", - "column-index": "1", - "row-span": "1", - "column-span": "1" - }, - { - "name": "subsection-ranger-db-root-user-col1", - "row-index": "1", - "column-index": "0", - "row-span": "1", - "column-span": "1" - }, - { - "name": "subsection-ranger-db-root-user-col2", - "row-index": "1", - "column-index": "1", - "row-span": "1", - "column-span": "1" - } - ] - } - ] - } - }, - { - "name": "ranger_user_info", - "display-name": "Ranger User Info", - "layout": { - "tab-columns": "1", - "tab-rows": "1", - "sections": [ - { - "name": "section-user-info", - "display-name": "Ranger User Info", - "row-index": "0", - "column-index": "0", - "row-span": "2", - "column-span": "1", - "section-columns": "1", - "section-rows": "2", - "subsections": [ - { - "name": "subsection-ranger-user-row2-col1", - "row-index": "0", - "column-index": "0", - "row-span": "1", - "column-span": "1", - "subsection-tabs": [ - { - "name": "ldap-common-configs", - "display-name": "Common Configs", - "depends-on": [ - { - "configs": [ - "usersync-properties/SYNC_SOURCE" - ], - "if": "${usersync-properties/SYNC_SOURCE} === ldap", - "then": { - "property_value_attributes": { - "visible": true - } - }, - "else": { - "property_value_attributes": { - "visible": false - } - } - } - ] - }, - { - "name": "ldap-user-configs", - "display-name": "User Configs", - "depends-on": [ - { - "configs": [ - "usersync-properties/SYNC_SOURCE" - ], - "if": "${usersync-properties/SYNC_SOURCE} === ldap", - "then": { - "property_value_attributes": { - "visible": true - } - }, - "else": { - "property_value_attributes": { - "visible": false - } - } - } - ] - } - ] - } - ] - } - ] - } - }, - { - "name": "ranger_plugin", - "display-name": "Ranger Plugin", - "layout": { - "tab-columns": "1", - "tab-rows": "1", - "sections": [ - { - "name": "section-ranger-plugin", - "display-name": "Ranger Plugin", - "row-index": "0", - "column-index": "0", - "row-span": "1", - "column-span": "3", - "section-columns": "3", - "section-rows": "1", - "subsections": [ - { - "name": "section-ranger-plugin-row1-col1", - "row-index": "0", - "column-index": "0", - "row-span": "1", - "column-span": "1" - }, - { - "name": "section-ranger-plugin-row1-col2", - "row-index": "0", - "column-index": "1", - "row-span": "1", - "column-span": "1" - }, - { - "name": "section-ranger-plugin-row1-col3", - "row-index": "0", - "column-index": "2", - "row-span": "1", - "column-span": "1" - } - ] - } - ] - } - }, - { - "name": "ranger_audit_settings", - "display-name": "Ranger Audit", - "layout": { - "tab-columns": "1", - "tab-rows": "2", - "sections": [ - { - "name": "section-ranger-audit-hdfs", - "display-name": "Audit to HDFS", - "row-index": "0", - "column-index": "1", - "row-span": "1", - "column-span": "1", - "section-columns": "1", - "section-rows": "1", - "subsections": [ - { - "name": "subsection-ranger-hdfs-row1-col1", - "row-index": "0", - "column-index": "0", - "row-span": "1", - "column-span": "1" - } - ] - }, - { - "name": "section-ranger-audit-db", - "display-name": "Audit to DB", - "row-index": "1", - "column-index": "0", - "row-span": "1", - "column-span": "1", - "section-columns": "1", - "section-rows": "1", - "subsections": [ - { - "name": "subsection-ranger-audit-db-row2-col1", - "row-index": "0", - "column-index": "0", - "row-span": "1", - "column-span": "1" - }, - { - "name": "subsection-ranger-audit-db-row2-col2", - "row-index": "0", - "column-index": "1", - "row-span": "1", - "column-span": "1" - } - ] - } - ] - } - } - ] - } - ], - "placement": { - "configuration-layout": "default", - "configs": [ - { - "config": "admin-properties/DB_FLAVOR", - "subsection-name": "subsection-ranger-db-row1-col1" - }, - { - "config": "admin-properties/db_name", - "subsection-name": "subsection-ranger-db-row1-col1" - }, - { - "config": "admin-properties/db_user", - "subsection-name": "subsection-ranger-db-row1-col1" - }, - { - "config": "ranger-admin-site/ranger.jpa.jdbc.url", - "subsection-name": "subsection-ranger-db-row1-col1" - }, - { - "config": "admin-properties/db_host", - "subsection-name": "subsection-ranger-db-row1-col2" - }, - { - "config": "ranger-admin-site/ranger.jpa.jdbc.driver", - "subsection-name": "subsection-ranger-db-row1-col2" - }, - { - "config": "admin-properties/db_password", - "subsection-name": "subsection-ranger-db-row1-col2" - }, - { - "config": "admin-properties/db_root_user", - "subsection-name": "subsection-ranger-db-root-user-col1" - }, - { - "config": "admin-properties/db_root_password", - "subsection-name": "subsection-ranger-db-root-user-col2" - }, - { - "config": "usersync-properties/SYNC_SOURCE", - "subsection-name": "subsection-ranger-user-row2-col1" - }, - - { - "config": "usersync-properties/MIN_UNIX_USER_ID_TO_SYNC", - "subsection-name": "subsection-ranger-user-row2-col1", - "depends-on": [ - { - "configs":[ - "usersync-properties/SYNC_SOURCE" - ], - "if": "${usersync-properties/SYNC_SOURCE} === unix", - "then": { - "property_value_attributes": { - "visible": true - } - }, - "else": { - "property_value_attributes": { - "visible": false - } - } - } - ] - }, - { - "config": "usersync-properties/SYNC_LDAP_URL", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-common-configs" - }, - { - "config": "ranger-env/bind_anonymous", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-common-configs" - }, - { - "config": "usersync-properties/SYNC_LDAP_BIND_DN", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-common-configs", - "depends-on": [ - { - "configs":[ - "ranger-env/bind_anonymous" - ], - "if": "${ranger-env/bind_anonymous}", - "then": { - "property_value_attributes": { - "visible": false - } - }, - "else": { - "property_value_attributes": { - "visible": true - } - } - } - ] - - }, - { - "config": "usersync-properties/SYNC_LDAP_BIND_PASSWORD", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-common-configs", - "depends-on": [ - { - "configs":[ - "ranger-env/bind_anonymous" - ], - "if": "${ranger-env/bind_anonymous}", - "then": { - "property_value_attributes": { - "visible": false - } - }, - "else": { - "property_value_attributes": { - "visible": true - } - } - } - ] - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-user-configs" - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-user-configs" - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_BASE", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-user-configs" - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-user-configs" - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-user-configs" - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE", - "subsection-name": "subsection-ranger-user-row2-col1", - "subsection-tab-name": "ldap-user-configs" - }, - { - "config": "ranger-env/ranger-hdfs-plugin-enabled", - "subsection-name": "section-ranger-plugin-row1-col1", - "depends-on": [ - { - "resource": "service", - "if": "HDFS", - "then": { - "property_value_attributes": { - "visible": true - } - }, - "else": { - "property_value_attributes": { - "visible": false - } - } - } - ] - }, - { - "config": "ranger-env/ranger-hive-plugin-enabled", - "subsection-name": "section-ranger-plugin-row1-col1", - "depends-on": [ - { - "resource": "service", - "if": "HIVE", - "then": { - "property_value_attributes": { - "visible": true - } - }, - "else": { - "property_value_attributes": { - "visible": false - } - } - } - ] - }, - { - "config": "ranger-env/ranger-hbase-plugin-enabled", - "subsection-name": "section-ranger-plugin-row1-col2", - "depends-on": [ - { - "resource": "service", - "if": "HBASE", - "then": { - "property_value_attributes": { - "visible": true - } - }, - "else": { - "property_value_attributes": { - "visible": false - } - } - } - ] - }, - { - "config": "ranger-env/ranger-storm-plugin-enabled", - "subsection-name": "section-ranger-plugin-row1-col2", - "depends-on": [ - { - "resource": "service", - "if": "STORM", - "then": { - "property_value_attributes": { - "visible": true - } - }, - "else": { - "property_value_attributes": { - "visible": false - } - } - } - ] - }, - { - "config": "ranger-env/ranger-knox-plugin-enabled", - "subsection-name": "section-ranger-plugin-row1-col3", - "depends-on": [ - { - "resource": "service", - "if": "KNOX", - "then": { - "property_value_attributes": { - "visible": true - } - }, - "else": { - "property_value_attributes": { - "visible": false - } - } - } - ] - }, - { - "config": "ranger-env/xasecure.audit.destination.hdfs", - "subsection-name": "subsection-ranger-hdfs-row1-col1" - }, - { - "config": "ranger-env/xasecure.audit.destination.hdfs.dir", - "subsection-name": "subsection-ranger-hdfs-row1-col1", - "depends-on": [ - { - "configs":[ - "ranger-env/xasecure.audit.destination.hdfs" - ], - "if": "${ranger-env/xasecure.audit.destination.hdfs}", - "then": { - "property_value_attributes": { - "visible": true - } - }, - "else": { - "property_value_attributes": { - "visible": false - } - } - } - ] - }, - { - "config": "ranger-env/xasecure.audit.destination.db", - "subsection-name": "subsection-ranger-audit-db-row2-col1" - }, - { - "config": "admin-properties/audit_db_user", - "subsection-name": "subsection-ranger-audit-db-row2-col1" - }, - { - "config": "admin-properties/audit_db_name", - "subsection-name": "subsection-ranger-audit-db-row2-col2" - }, - { - "config": "admin-properties/audit_db_password", - "subsection-name": "subsection-ranger-audit-db-row2-col2" - } - ] - }, - "widgets": [ - { - "config": "admin-properties/DB_FLAVOR", - "widget": { - "type": "combo" - } - }, - { - "config": "admin-properties/db_user", - "widget": { - "type": "text-field" - } - }, - { - "config": "admin-properties/db_name", - "widget": { - "type": "text-field" - } - }, - { - "config": "ranger-admin-site/ranger.jpa.jdbc.url", - "widget": { - "type": "text-field" - } - }, - { - "config": "admin-properties/db_host", - "widget": { - "type": "text-field" - } - }, - { - "config": "admin-properties/db_password", - "widget": { - "type": "password" - } - }, - { - "config": "admin-properties/db_root_user", - "widget": { - "type": "text-field" - } - }, - { - "config": "admin-properties/db_root_password", - "widget": { - "type": "password" - } - }, - { - "config": "usersync-properties/SYNC_SOURCE", - "widget": { - "type": "combo" - } - }, - { - "config": "usersync-properties/MIN_UNIX_USER_ID_TO_SYNC", - "widget": { - "type": "text-field" - } - }, - { - "config": "usersync-properties/SYNC_LDAP_URL", - "widget": { - "type": "text-field" - } - }, - { - "config": "ranger-env/bind_anonymous", - "widget": { - "type": "toggle" - } - }, - { - "config": "usersync-properties/SYNC_LDAP_BIND_DN", - "widget": { - "type": "text-field" - } - }, - { - "config": "usersync-properties/SYNC_LDAP_BIND_PASSWORD", - "widget": { - "type": "password" - } - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_NAME_ATTRIBUTE", - "widget": { - "type": "text-field" - } - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_OBJECT_CLASS", - "widget": { - "type": "text-field" - } - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_BASE", - "widget": { - "type": "text-field" - } - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_FILTER", - "widget": { - "type": "text-field" - } - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_SEARCH_SCOPE", - "widget": { - "type": "text-field" - } - }, - { - "config": "usersync-properties/SYNC_LDAP_USER_GROUP_NAME_ATTRIBUTE", - "widget": { - "type": "text-field" - } - }, - { - "config": "ranger-env/ranger-hdfs-plugin-enabled", - "widget": { - "type": "toggle" - } - }, - { - "config": "ranger-env/ranger-hive-plugin-enabled", - "widget": { - "type": "toggle" - } - }, - { - "config": "ranger-env/ranger-hbase-plugin-enabled", - "widget": { - "type": "toggle" - } - }, - { - "config": "ranger-env/ranger-knox-plugin-enabled", - "widget": { - "type": "toggle" - } - }, - { - "config": "ranger-env/ranger-storm-plugin-enabled", - "widget": { - "type": "toggle" - } - }, - { - "config": "ranger-env/xasecure.audit.destination.hdfs", - "widget": { - "type": "toggle" - } - }, - { - "config": "ranger-env/xasecure.audit.destination.hdfs.dir", - "widget": { - "type": "text-field" - } - }, - { - "config": "ranger-env/xasecure.audit.destination.db", - "widget": { - "type": "toggle" - } - }, - { - "config": "admin-properties/audit_db_user", - "widget": { - "type": "text-field" - } - }, - { - "config": "admin-properties/audit_db_name", - "widget": { - "type": "text-field" - } - }, - { - "config": "admin-properties/audit_db_password", - "widget": { - "type": "password" - } - } - ] - } -} -