AMBARI-13476 Ranger usersync LDAP properties should be set same to ambari if ambari is configured with LDAP (dsen)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/5eff7979 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/5eff7979 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/5eff7979 Branch: refs/heads/branch-dev-patch-upgrade Commit: 5eff7979a37af5e7339b6b65fa99dee612db6c38 Parents: 7afe5a4 Author: Dmytro Sen <d...@apache.org> Authored: Thu Oct 22 11:10:26 2015 +0300 Committer: Dmytro Sen <d...@apache.org> Committed: Thu Oct 22 11:10:26 2015 +0300 ---------------------------------------------------------------------- .../stacks/HDP/2.0.6/services/stack_advisor.py | 18 ++++ .../stacks/HDP/2.3/services/stack_advisor.py | 24 ++++++ .../stacks/2.0.6/common/test_stack_advisor.py | 39 +++++++++ .../stacks/2.3/common/test_stack_advisor.py | 86 ++++++++++++++++++++ 4 files changed, 167 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/5eff7979/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py index 7fb9884..3db5bfd 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.0.6/services/stack_advisor.py 
@@ -305,6 +305,24 @@ class HDP206StackAdvisor(DefaultStackAdvisor): policymgr_external_url = "%s://%s:%s" % (protocol, ranger_admin_host, port) putRangerAdminProperty('policymgr_external_url', policymgr_external_url) + # Recommend ldap settings based on ambari.properties configuration + # If 'ambari.ldap.isConfigured' == true + # For stack_version 2.2 + stackVersion = services["Versions"]["stack_version"] + if stackVersion == '2.2' and 'ambari-server-properties' in services and \ + 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \ + services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true": + putUserSyncProperty = self.putProperty(configurations, "usersync-properties", services) + serverProperties = services['ambari-server-properties'] + if 'authentication.ldap.managerDn' in serverProperties: + putUserSyncProperty('SYNC_LDAP_BIND_DN', serverProperties['authentication.ldap.managerDn']) + if 'authentication.ldap.primaryUrl' in serverProperties: + putUserSyncProperty('SYNC_LDAP_URL', serverProperties['authentication.ldap.primaryUrl']) + if 'authentication.ldap.userObjectClass' in serverProperties: + putUserSyncProperty('SYNC_LDAP_USER_OBJECT_CLASS', serverProperties['authentication.ldap.userObjectClass']) + if 'authentication.ldap.usernameAttribute' in serverProperties: + putUserSyncProperty('SYNC_LDAP_USER_NAME_ATTRIBUTE', serverProperties['authentication.ldap.usernameAttribute']) + def getAmsMemoryRecommendation(self, services, hosts): # MB per sink in hbase heapsize http://git-wip-us.apache.org/repos/asf/ambari/blob/5eff7979/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py index 501517f..7a6662c 100644 
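Review bot: In the HDP 2.0.6 stack_advisor.py hunk, `SYNC_LDAP_URL` is set to the raw `authentication.ldap.primaryUrl`, which the test fixture shows as bare `host:port` (`c6403.ambari.apache.org:389`), and `authentication.ldap.useSSL` is never read, so the recommended value has no scheme and drops the operator's TLS choice. Ranger usersync appears to expect a full `ldap://` or `ldaps://` URL, so a deployment where Ambari uses LDAPS could end up with usersync binding in cleartext once someone adds a scheme by hand. Derive the scheme from the SSL flag, e.g. `scheme = 'ldaps://' if serverProperties.get('authentication.ldap.useSSL', 'false').lower() == 'true' else 'ldap://'` followed by `putUserSyncProperty('SYNC_LDAP_URL', scheme + serverProperties['authentication.ldap.primaryUrl'])`. The same applies to `ranger.usersync.ldap.url` in the HDP 2.3 hunk at `@@ -298,6 +299,29 @@`, and the expected values in both test files would change with it. The enclosing method starts outside the hunk.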
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/stack_advisor.py @@ -264,6 +264,7 @@ class HDP23StackAdvisor(HDP22StackAdvisor): servicesList = [service["StackServices"]["service_name"] for service in services["services"]] putRangerAdminProperty = self.putProperty(configurations, "ranger-admin-site", services) putRangerEnvProperty = self.putProperty(configurations, "ranger-env", services) + putRangerUgsyncSite = self.putProperty(configurations, "ranger-ugsync-site", services) if 'admin-properties' in services['configurations'] and ('DB_FLAVOR' in services['configurations']['admin-properties']['properties'])\ and ('db_host' in services['configurations']['admin-properties']['properties']) and ('db_name' in services['configurations']['admin-properties']['properties']): 
@@ -298,6 +299,29 @@ class HDP23StackAdvisor(HDP22StackAdvisor): for key in rangerPrivelegeDbProperties: putRangerEnvProperty(key, rangerPrivelegeDbProperties.get(key)) + # Recommend ldap settings based on ambari.properties configuration + if 'ambari-server-properties' in services and \ + 'ambari.ldap.isConfigured' in services['ambari-server-properties'] and \ + services['ambari-server-properties']['ambari.ldap.isConfigured'].lower() == "true": + serverProperties = services['ambari-server-properties'] + if 'authentication.ldap.baseDn' in serverProperties: + putRangerUgsyncSite('ranger.usersync.ldap.searchBase', serverProperties['authentication.ldap.baseDn']) + if 'authentication.ldap.groupMembershipAttr' in serverProperties: + putRangerUgsyncSite('ranger.usersync.group.memberattributename', serverProperties['authentication.ldap.groupMembershipAttr']) + if 'authentication.ldap.groupNamingAttr' in serverProperties: + putRangerUgsyncSite('ranger.usersync.group.nameattribute', serverProperties['authentication.ldap.groupNamingAttr']) + if 'authentication.ldap.groupObjectClass' in serverProperties: + putRangerUgsyncSite('ranger.usersync.group.objectclass', serverProperties['authentication.ldap.groupObjectClass']) + if 'authentication.ldap.managerDn' in serverProperties: + putRangerUgsyncSite('ranger.usersync.ldap.binddn', serverProperties['authentication.ldap.managerDn']) + if 'authentication.ldap.primaryUrl' in serverProperties: + putRangerUgsyncSite('ranger.usersync.ldap.url', serverProperties['authentication.ldap.primaryUrl']) + if 'authentication.ldap.userObjectClass' in serverProperties: + putRangerUgsyncSite('ranger.usersync.ldap.user.objectclass', serverProperties['authentication.ldap.userObjectClass']) + if 'authentication.ldap.usernameAttribute' in serverProperties: + putRangerUgsyncSite('ranger.usersync.ldap.user.nameattribute', serverProperties['authentication.ldap.usernameAttribute']) + + # Recommend ranger.audit.solr.zookeepers and 
xasecure.audit.destination.hdfs.dir include_hdfs = "HDFS" in servicesList zookeeper_host_port = self.getZKHostPortString(services) http://git-wip-us.apache.org/repos/asf/ambari/blob/5eff7979/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py index abddc71..85d6436 100644 --- a/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.0.6/common/test_stack_advisor.py @@ -681,6 +681,9 @@ class TestHDP206StackAdvisor(TestCase): clusterData = {} # Recommend for not existing DB_FLAVOR and http enabled, HDP-2.3 services = { + "Versions" : { + "stack_version" : "2.2", + }, "services": [ { "StackServices": { 
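Review bot: In the HDP 2.3 stack_advisor.py hunk at `@@ -298,6 +299,29 @@`, `ranger.usersync.ldap.binddn` is recommended from `authentication.ldap.managerDn`, but the block does not say what happens to the matching credential, and `authentication.ldap.bindAnonymously` is not consulted. In the test fixture `authentication.ldap.managerPassword` is a file path on the Ambari server (`/etc/ambari-server/conf/ldap-password.dat`), so not copying it looks deliberate; a comment above the block would make that explicit, e.g. `# The bind password is not propagated: managerPassword is a file path local to the Ambari server, so the usersync bind password must be set separately.` It may also be worth skipping the bind DN when `bindAnonymously` is "true", so that a leftover `managerDn` is not recommended for an account Ambari does not bind as; this is inferred from the property name, not from visible code. The enclosing method begins and ends outside the hunk.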
@@ -778,6 +781,42 @@ class TestHDP206StackAdvisor(TestCase): self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None) self.assertEquals(recommendedConfigurations, expected) + # Test Recommend LDAP values + services["ambari-server-properties"] = { + "ambari.ldap.isConfigured" : "true", + "authentication.ldap.bindAnonymously" : "false", + "authentication.ldap.baseDn" : "dc=apache,dc=org", + "authentication.ldap.groupNamingAttr" : "cn", + "authentication.ldap.primaryUrl" : "c6403.ambari.apache.org:389", + "authentication.ldap.userObjectClass" : "posixAccount", + "authentication.ldap.secondaryUrl" : "c6403.ambari.apache.org:389", + "authentication.ldap.usernameAttribute" : "uid", + "authentication.ldap.dnAttribute" : "dn", + "authentication.ldap.useSSL" : "false", + "authentication.ldap.managerPassword" : "/etc/ambari-server/conf/ldap-password.dat", + "authentication.ldap.groupMembershipAttr" : "memberUid", + "authentication.ldap.groupObjectClass" : "posixGroup", + "authentication.ldap.managerDn" : "uid=hdfs,ou=people,ou=dev,dc=apache,dc=org" + } + services["configurations"] = {} + expected = { + 'admin-properties': { + 'properties': { + 'policymgr_external_url': 'http://host1:6080', + } + }, + 'usersync-properties': { + 'properties': { + 'SYNC_LDAP_URL': 'c6403.ambari.apache.org:389', + 'SYNC_LDAP_BIND_DN': 'uid=hdfs,ou=people,ou=dev,dc=apache,dc=org', + 'SYNC_LDAP_USER_OBJECT_CLASS': 'posixAccount', + 'SYNC_LDAP_USER_NAME_ATTRIBUTE': 'uid' + } + } + } + recommendedConfigurations = {} + self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None) + self.assertEquals(recommendedConfigurations, expected) def test_recommendHDFSConfigurations(self): http://git-wip-us.apache.org/repos/asf/ambari/blob/5eff7979/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py ---------------------------------------------------------------------- 
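Review bot: The case added to the 2.0.6 test_stack_advisor.py at `@@ -778,6 +781,42 @@` only exercises `ambari.ldap.isConfigured` set to "true" on stack version 2.2; the hunk adds no case where the flag is "false" or the stack version differs. Because these recommendations push directory bind settings into another service, the off path deserves a check: reuse the same `services` dict with `services["ambari-server-properties"]["ambari.ldap.isConfigured"] = "false"` and assert `'usersync-properties' not in recommendedConfigurations`. The new `test_recommendRangerConfigurations` in the 2.3 test file has the same gap for `ranger-ugsync-site`, where the expectation would presumably be an empty `properties` dict, since the setter is created unconditionally. The test method starts outside this hunk.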
diff --git a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py index e0c6d28..ff6c93e 100644 --- a/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py +++ b/ambari-server/src/test/python/stacks/2.3/common/test_stack_advisor.py 
@@ -813,3 +813,89 @@ class TestHDP23StackAdvisor(TestCase): self.assertTrue(exceptionThrown) pass + + def test_recommendRangerConfigurations(self): + clusterData = {} + # Recommend for not existing DB_FLAVOR and http enabled, HDP-2.3 + services = { + "Versions" : { + "stack_version" : "2.3", + }, + "services": [ + { + "StackServices": { + "service_name": "RANGER" + }, + "components": [ + { + "StackServiceComponents": { + "component_name": "RANGER_ADMIN", + "hostnames": ["host1"] + } + } + ] + }, + ], + "configurations": { + "admin-properties": { + "properties": { + "DB_FLAVOR": "NOT_EXISTING", + } + }, + "ranger-admin-site": { + "properties": { + "ranger.service.http.port": "7777", + "ranger.service.http.enabled": "true", + } + } + }, + "ambari-server-properties": { + "ambari.ldap.isConfigured" : "true", + "authentication.ldap.bindAnonymously" : "false", + "authentication.ldap.baseDn" : "dc=apache,dc=org", + "authentication.ldap.groupNamingAttr" : "cn", + "authentication.ldap.primaryUrl" : "c6403.ambari.apache.org:389", + "authentication.ldap.userObjectClass" : "posixAccount", + "authentication.ldap.secondaryUrl" : "c6403.ambari.apache.org:389", + "authentication.ldap.usernameAttribute" : "uid", + "authentication.ldap.dnAttribute" : "dn", + "authentication.ldap.useSSL" : "false", + "authentication.ldap.managerPassword" : "/etc/ambari-server/conf/ldap-password.dat", + "authentication.ldap.groupMembershipAttr" : "memberUid", + "authentication.ldap.groupObjectClass" : "posixGroup", + "authentication.ldap.managerDn" : "uid=hdfs,ou=people,ou=dev,dc=apache,dc=org" + } + } + + expected = { + 'admin-properties': { + 'properties': { + 'policymgr_external_url': 'http://host1:7777', + 'SQL_CONNECTOR_JAR': '/usr/share/java/mysql-connector-java.jar' + } + }, + 'ranger-ugsync-site': { + 'properties': { + 'ranger.usersync.group.objectclass': 'posixGroup', + 'ranger.usersync.group.nameattribute': 'cn', + 'ranger.usersync.group.memberattributename': 'memberUid', + 
'ranger.usersync.ldap.binddn': 'uid=hdfs,ou=people,ou=dev,dc=apache,dc=org', + 'ranger.usersync.ldap.user.nameattribute': 'uid', + 'ranger.usersync.ldap.user.objectclass': 'posixAccount', + 'ranger.usersync.ldap.url': 'c6403.ambari.apache.org:389', + 'ranger.usersync.ldap.searchBase': 'dc=apache,dc=org' + } + }, + 'ranger-admin-site': { + 'properties': { + } + }, + 'ranger-env': { + 'properties': {} + } + } + + recommendedConfigurations = {} + self.stackAdvisor.recommendRangerConfigurations(recommendedConfigurations, clusterData, services, None) + self.assertEquals(recommendedConfigurations, expected) +