http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
new file mode 100644
index 0000000..d3b2248
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml
@@ -0,0 +1,270 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.batch.size</name>
+ <value>100</value>
+ <description></description>
+ </property>
+
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+ <value>jdbc:{{xa_audit_db_flavor}}://{{xa_db_host}}/{{xa_audit_db_name}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+ <value>{{xa_audit_db_user}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+ <value>crypted</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.credential.provider.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.queue.size</name>
+ <value>1048576</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.encoding</name>
+ <value></value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.directory</name>
+ <value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.file</name>
+ <value>%hostname%-audit.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
+ <value>900</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
+ <value>86400</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.directory</name>
+ <value>/var/log/hbase/audit/%app-type%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file</name>
+ <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
+ <value>8192</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
+ <value>600</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.directory</name>
+ <value>/var/log/hbase/audit/archive/%app-type%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
+ <value>10</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.async</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.broker_list</name>
+ <value>localhost:9092</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.topic_name</name>
+ <value>ranger_audits</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.solr_url</name>
+ <value>http://localhost:6083/solr/ranger_audits</value>
+ <description></description>
+ </property>
+
+</configuration>
\ No newline at end of file
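Review bot: `xasecure.audit.is.enabled` is `true`, but every destination switch in this file (`xasecure.audit.db.is.enabled`, `xasecure.audit.hdfs.is.enabled`, `xasecure.audit.log4j.is.enabled`, `xasecure.audit.kafka.is.enabled`, `xasecure.audit.solr.is.enabled`) defaults to `false`, so unless the service scripts (not visible in this diff) override one of them, the plugin has no sink for audit events out of the box. Separately, `xasecure.audit.jpa.javax.persistence.jdbc.driver` is hard-coded to `com.mysql.jdbc.Driver` while the JDBC URL is templated on `{{xa_audit_db_flavor}}`, so a non-MySQL flavor would pair the URL with the wrong driver; the driver should be derived from the same source as the flavor. Every `<description>` is empty; at minimum the destination switches and `xasecure.audit.hdfs.config.destination.directory` (which still contains the literal `NAMENODE_HOST`) deserve one, e.g. `<description>Enable audit to HDFS; set the destination directory to the cluster NameNode before enabling.</description>`. The same points apply to ranger-hdfs-audit.xml later in this commit.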
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-plugin-properties.xml index 4d5750d..bf87456 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-plugin-properties.xml 
@@ -19,29 +19,135 @@ */ --> <configuration supports_final="true"> + + <property> + <name>XAAUDIT.DB.IS_ENABLED</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.IS_ENABLED</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FILE</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> <property> - <name>XAAUDIT.SOLR.IS_ENABLED</name> - <value>false</value> - <description></description> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_QUEUE_SIZE</name> - <value>1</value> - <description></description> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS</name> - <value>1000</value> - <description></description> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.SOLR_URL</name> - <value>http://localhost:6083/solr/ranger_audits</value> - <description></description> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name> + <deleted>true</deleted> </property> + <property> + <name>SSL_KEYSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + 
<name>SSL_KEYSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>UPDATE_XAPOLICIES_ON_GRANT_REVOKE</name> + <deleted>true</deleted> + </property> + + <property> + <name>POLICY_MGR_URL</name> + <deleted>true</deleted> + </property> + + <property> + <name>SQL_CONNECTOR_JAR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.FLAVOUR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.DATABASE_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.USER_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.HOSTNAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>REPOSITORY_NAME</name> + <deleted>true</deleted> + </property> + </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml new file mode 100644 index 0000000..5a32119 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml 
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/hbase/conf/ranger-plugin-keystore.jks</value>
+ <description>Java Keystore files</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <description>password for keystore</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/hbase/conf/ranger-plugin-truststore.jks</value>
+ <description>java truststore file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <description>java truststore password</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java keystore credential file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java truststore credential file</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
new file mode 100644
index 0000000..8958a9e
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-security.xml
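Review bot: In ranger-hbase-policymgr-ssl.xml, `xasecure.policymgr.clientssl.keystore.password` and `xasecure.policymgr.clientssl.truststore.password` ship literal defaults (`myKeyFilePassword`, `changeit`) and are declared as ordinary properties, so they would presumably be displayed and stored like any other clear-text value. Each should carry `<property-type>PASSWORD</property-type>` so Ambari handles it as a secret, and the descriptions should say the default is a placeholder, e.g. `<description>Password for the plugin keystore; replace the shipped default.</description>`. Since both `*.credential.file` properties already point at `jceks://file/{{credential_file}}`, it would also help to document whether the plugin reads the password from the credential store or from these values. ranger-hdfs-policymgr-ssl.xml carries the same two defaults.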
@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>ranger.plugin.hbase.service.name</name>
+ <value>{{repo_name}}</value>
+ <description>Name of the Ranger service containing HBase policies</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hbase.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>Class to retrieve policies from the source</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hbase.policy.rest.url</name>
+ <value>{{policymgr_mgr_url}}</value>
+ <description>URL to Ranger Admin</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hbase.policy.rest.ssl.config.file</name>
+ <value>/etc/hbase/conf/ranger-policymgr-ssl.xml</value>
+ <description>Path to the file containing SSL details to contact Ranger Admin</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hbase.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>How often to poll for changes in policies?</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hbase.policy.cache.dir</name>
+ <value>/etc/ranger/{{repo_name}}/policycache</value>
+ <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
+ </property>
+
+ <property>
+ <name>xasecure.hbase.update.xapolicies.on.grant.revoke</name>
+ <value>true</value>
+ <description>Should HBase plugin update Ranger policies for updates to permissions done using GRANT/REVOKE?</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
new file mode 100644
index 0000000..82e59b3
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml
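Review bot: In ranger-hbase-security.xml, `ranger.plugin.hbase.policy.rest.ssl.config.file` hard-codes `/etc/hbase/conf/ranger-policymgr-ssl.xml`, which is not the name of the `ranger-hbase-policymgr-ssl.xml` config type added in this commit. If the service scripts (outside this diff) do not write the file under exactly that name and directory, the plugin presumably has no keystore or truststore settings when it contacts Ranger Admin over HTTPS. Once confirmed, I would state the mapping in the description, e.g. `<description>Path to the SSL settings for contacting Ranger Admin; generated from the ranger-hbase-policymgr-ssl config type</description>`. ranger-hdfs-security.xml follows the same pattern with `/etc/hadoop/conf/ranger-policymgr-ssl.xml`.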
@@ -0,0 +1,270 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.batch.size</name>
+ <value>100</value>
+ <description></description>
+ </property>
+
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+ <value>jdbc:{{xa_audit_db_flavor}}://{{xa_db_host}}/{{xa_audit_db_name}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+ <value>{{xa_audit_db_user}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+ <value>crypted</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.credential.provider.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.queue.size</name>
+ <value>1048576</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.encoding</name>
+ <value></value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.directory</name>
+ <value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.file</name>
+ <value>%hostname%-audit.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
+ <value>900</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
+ <value>86400</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.directory</name>
+ <value>/var/log/hadoop/audit/%app-type%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file</name>
+ <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
+ <value>8192</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
+ <value>600</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.directory</name>
+ <value>/var/log/hadoop/audit/archive/%app-type%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
+ <value>10</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.async</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.broker_list</name>
+ <value>localhost:9092</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.topic_name</name>
+ <value>ranger_audits</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.solr_url</name>
+ <value>http://localhost:6083/solr/ranger_audits</value>
+ <description></description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
index 4d5750d..47af990 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml
@@ -21,27 +21,128 @@ <configuration supports_final="true"> <property> - <name>XAAUDIT.SOLR.IS_ENABLED</name> - <value>false</value> - <description></description> + <name>XAAUDIT.DB.IS_ENABLED</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_QUEUE_SIZE</name> - <value>1</value> - <description></description> + <name>XAAUDIT.HDFS.IS_ENABLED</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS</name> - <value>1000</value> - <description></description> + <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.SOLR_URL</name> - <value>http://localhost:6083/solr/ranger_audits</value> - <description></description> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name> + <deleted>true</deleted> </property> + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FILE</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_KEYSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + 
<name>SSL_KEYSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>POLICY_MGR_URL</name> + <deleted>true</deleted> + </property> + + <property> + <name>SQL_CONNECTOR_JAR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.FLAVOUR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.DATABASE_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.USER_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.HOSTNAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>REPOSITORY_NAME</name> + <deleted>true</deleted> + </property> + </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml new file mode 100644 index 0000000..bb64bb7 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml 
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value>
+ <description>Java Keystore files</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <description>password for keystore</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value>
+ <description>java truststore file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <description>java truststore password</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java keystore credential file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java truststore credential file</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
new file mode 100644
index 0000000..1bea198
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-security.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+ <property>
+ <name>ranger.plugin.hdfs.service.name</name>
+ <value>{{repo_name}}</value>
+ <description>Name of the Ranger service containing Hdfs policies</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hdfs.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>Class to retrieve policies from the source</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hdfs.policy.rest.url</name>
+ <value>{{policymgr_mgr_url}}</value>
+ <description>URL to Ranger Admin</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hdfs.policy.rest.ssl.config.file</name>
+ <value>/etc/hadoop/conf/ranger-policymgr-ssl.xml</value>
+ <description>Path to the file containing SSL details to contact Ranger Admin</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hdfs.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>How often to poll for changes in policies?</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hdfs.policy.cache.dir</name>
+ <value>/etc/ranger/{{repo_name}}/policycache</value>
+ <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
+ </property>
+
+ <property>
+ <name>xasecure.add-hadoop-authorization</name>
+ <value>true</value>
+ <description>Enable/Disable the default hadoop authorization (based on rwxrwxrwx permission on the resource) if Ranger Authorization fails.</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
new file mode 100644
index 0000000..5a34de9
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml
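Review bot: `xasecure.add-hadoop-authorization` defaults to `true`, but its description ("Enable/Disable … if Ranger Authorization fails") does not say what that default does. As worded, a request that Ranger does not authorize appears to fall through to the native rwx permission check. If so, Ranger policy is not the only gate on HDFS access in a default install, and the description should say so. Something like `<description>When true, requests not authorized by Ranger policy are evaluated against HDFS permissions (rwxrwxrwx) instead of being denied; set to false to make Ranger the sole authority</description>` would do, after confirming the exact semantics against the plugin.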
@@ -0,0 +1,270 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.batch.size</name>
+ <value>100</value>
+ <description></description>
+ </property>
+
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+ <value>jdbc:{{xa_audit_db_flavor}}://{{xa_db_host}}/{{xa_audit_db_name}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+ <value>{{xa_audit_db_user}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+ <value>crypted</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.credential.provider.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.queue.size</name>
+ <value>1048576</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.encoding</name>
+ <value></value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.directory</name>
+ <value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.file</name>
+ <value>%hostname%-audit.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
+ <value>900</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
+ <value>86400</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.directory</name>
+ <value>/var/log/hive/audit/%app-type%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file</name>
+ <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
+ <value>8192</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
+ <value>600</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.directory</name>
+ <value>/var/log/hive/audit/archive/%app-type%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
+ <value>10</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.async</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.broker_list</name>
+ <value>localhost:9092</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.topic_name</name>
+ <value>ranger_audits</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.solr_url</name>
+ <value>http://localhost:6083/solr/ranger_audits</value>
+ <description></description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-plugin-properties.xml
index 4d5750d..64f85c7 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-plugin-properties.xml
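Review bot: With these defaults `xasecure.audit.is.enabled` is `true` while every destination switch (`xasecure.audit.db.is.enabled`, `xasecure.audit.hdfs.is.enabled`, `xasecure.audit.log4j.is.enabled`, `xasecure.audit.kafka.is.enabled`, `xasecure.audit.solr.is.enabled`) is `false`, so unless something outside this file turns one on, no audit records are stored anywhere. Every `<description>` in the file is empty, which gives an operator nothing to go on; at minimum the master switch should carry `<description>Enables plugin auditing; at least one destination (db, hdfs, log4j, kafka, solr) must also be enabled for events to be stored</description>`. `xasecure.audit.hdfs.config.destination.directory` also uses the literal `NAMENODE_HOST` where the JDBC URL uses `{{…}}` template variables, and `xasecure.audit.solr.solr_url` defaults to plain `http://`; both should be documented as values to override. ranger-knox-audit.xml further down has the same defaults and empty descriptions.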
@@ -21,27 +21,133 @@ <configuration supports_final="true"> <property> - <name>XAAUDIT.SOLR.IS_ENABLED</name> - <value>false</value> - <description></description> + <name>XAAUDIT.DB.IS_ENABLED</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.IS_ENABLED</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FILE</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_QUEUE_SIZE</name> - <value>1</value> - <description></description> + <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS</name> - <value>1000</value> - <description></description> + <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.SOLR_URL</name> - <value>http://localhost:6083/solr/ranger_audits</value> - <description></description> + <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_KEYSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + 
<name>SSL_KEYSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>UPDATE_XAPOLICIES_ON_GRANT_REVOKE</name> + <deleted>true</deleted> + </property> + + <property> + <name>POLICY_MGR_URL</name> + <deleted>true</deleted> + </property> + + <property> + <name>SQL_CONNECTOR_JAR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.FLAVOUR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.DATABASE_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.USER_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.HOSTNAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>REPOSITORY_NAME</name> + <deleted>true</deleted> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml new file mode 100644 index 0000000..0c6eaec --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml 
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/hive/conf/ranger-plugin-keystore.jks</value>
+ <description>Java Keystore files</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <description>password for keystore</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/hive/conf/ranger-plugin-truststore.jks</value>
+ <description>java truststore file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <description>java truststore password</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java keystore credential file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java truststore credential file</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
new file mode 100644
index 0000000..14baa13
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>ranger.plugin.hive.service.name</name>
+ <value>{{repo_name}}</value>
+ <description>Name of the Ranger service containing policies for this YARN instance</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hive.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>Class to retrieve policies from the source</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hive.policy.rest.url</name>
+ <value>{{policymgr_mgr_url}}</value>
+ <description>URL to Ranger Admin</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hive.policy.rest.ssl.config.file</name>
+ <value>/etc/hive/conf/ranger-policymgr-ssl.xml</value>
+ <description>Path to the file containing SSL details to contact Ranger Admin</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hive.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>How often to poll for changes in policies?</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.hive.policy.cache.dir</name>
+ <value>/etc/ranger/{{repo_name}}/policycache</value>
+ <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
+ </property>
+
+ <property>
+ <name>xasecure.hive.update.xapolicies.on.grant.revoke</name>
+ <value>true</value>
+ <description>Should Hive plugin update Ranger policies for updates to permissions done using GRANT/REVOKE?</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
new file mode 100644
index 0000000..7248fdd
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml
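Review bot: The description of `ranger.plugin.hive.service.name` says "for this YARN instance", which looks copied from another plugin's file. It should read `<description>Name of the Ranger service containing policies for this Hive instance</description>`. The description says this property names the Ranger service whose policies the plugin uses, so a wrong label here can lead an operator to point Hive at the wrong policy set.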
@@ -0,0 +1,270 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.batch.size</name>
+ <value>100</value>
+ <description></description>
+ </property>
+
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+ <value>jdbc:{{xa_audit_db_flavor}}://{{xa_db_host}}/{{xa_audit_db_name}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+ <value>{{xa_audit_db_user}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+ <value>crypted</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.credential.provider.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.async</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.queue.size</name>
+ <value>1048576</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.encoding</name>
+ <value></value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.directory</name>
+ <value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.file</name>
+ <value>%hostname%-audit.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
+ <value>900</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
+ <value>86400</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.directory</name>
+ <value>/var/log/knox/audit</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file</name>
+ <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
+ <value>8192</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
+ <value>60</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
+ <value>600</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.directory</name>
+ <value>/var/log/knox/audit/archive</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
+ <value>10</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.async</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.queue.size</name>
+ <value>10240</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.broker_list</name>
+ <value>localhost:9092</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.kafka.topic_name</name>
+ <value>ranger_audits</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.is.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.queue.size</name>
+ <value>1</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.async.max.flush.interval.ms</name>
+ <value>1000</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>xasecure.audit.solr.solr_url</name>
+ <value>http://localhost:6083/solr/ranger_audits</value>
+ <description></description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-plugin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-plugin-properties.xml
index 4d5750d..99cc8fc 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-plugin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-plugin-properties.xml
@@ -21,27 +21,128 @@ <configuration supports_final="true"> <property> - <name>XAAUDIT.SOLR.IS_ENABLED</name> - <value>false</value> - <description></description> + <name>XAAUDIT.DB.IS_ENABLED</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_QUEUE_SIZE</name> - <value>1</value> - <description></description> + <name>XAAUDIT.HDFS.IS_ENABLED</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS</name> - <value>1000</value> - <description></description> + <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name> + <deleted>true</deleted> </property> <property> - <name>XAAUDIT.SOLR.SOLR_URL</name> - <value>http://localhost:6083/solr/ranger_audits</value> - <description></description> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FILE</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_KEYSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + 
<name>SSL_KEYSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_FILE_PATH</name> + <deleted>true</deleted> + </property> + + <property> + <name>SSL_TRUSTSTORE_PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>POLICY_MGR_URL</name> + <deleted>true</deleted> + </property> + + <property> + <name>SQL_CONNECTOR_JAR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.FLAVOUR</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.DATABASE_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.USER_NAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.PASSWORD</name> + <deleted>true</deleted> + </property> + + <property> + <name>XAAUDIT.DB.HOSTNAME</name> + <deleted>true</deleted> + </property> + + <property> + <name>REPOSITORY_NAME</name> + <deleted>true</deleted> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml new file mode 100644 index 0000000..98c5637 --- /dev/null +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml 
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>/etc/knox/conf/ranger-plugin-keystore.jks</value>
+ <description>Java Keystore files</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>myKeyFilePassword</value>
+ <description>password for keystore</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>/etc/knox/conf/ranger-plugin-truststore.jks</value>
+ <description>java truststore file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>changeit</value>
+ <description>java truststore password</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java keystore credential file</description>
+ </property>
+
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file/{{credential_file}}</value>
+ <description>java truststore credential file</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
new file mode 100644
index 0000000..1686f04
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-security.xml
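Review bot: `xasecure.policymgr.clientssl.keystore.password` and `xasecure.policymgr.clientssl.truststore.password` ship with the fixed values `myKeyFilePassword` and `changeit` as ordinary `<value>` text, so every cluster that keeps the defaults shares the same keystore secrets, and Ambari presumably displays them like any other setting. The same commit marks `ranger.jpa.jdbc.password` in ranger-admin-site.xml with `<property-type>PASSWORD</property-type>`; I would add that line to both properties here and leave the value for the operator to set. The same applies to `ranger.service.https.attrib.keystore.pass` in ranger-admin-site.xml and `https.attrib.keystorePass` in ranger-site.xml, both of which default to `ranger`. The `*.credential.file` entries suggest the plugin may read the real password from the JCEKS store, in which case the descriptions should say so.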
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+
+ <property>
+ <name>ranger.plugin.knox.service.name</name>
+ <value>{{repo_name}}</value>
+ <description>Name of the Ranger service containing policies for this Knox instance</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.knox.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>Class to retrieve policies from the source</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.knox.policy.rest.url</name>
+ <value>{{policymgr_mgr_url}}</value>
+ <description>URL to Ranger Admin</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.knox.policy.rest.ssl.config.file</name>
+ <value>/etc/knox/conf/ranger-policymgr-ssl.xml</value>
+ <description>Path to the file containing SSL details to contact Ranger Admin</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.knox.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>How often to poll for changes in policies?</description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.knox.policy.cache.dir</name>
+ <value>/etc/ranger/{{repo_name}}/policycache</value>
+ <description>Directory where Ranger policies are cached after successful retrieval from the source</description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml
index 24c27c5..52ce1bf 100644
--- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/admin-properties.xml
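Review bot: `ranger.plugin.knox.policy.cache.dir` points at `/etc/ranger/{{repo_name}}/policycache`, and nothing in this file says who may write there. The cached policies are presumably what the plugin falls back to when Ranger Admin cannot be reached, so a directory writable by other local accounts would let them influence authorization decisions. I would state the requirement in the description, e.g. `Directory where Ranger policies are cached after successful retrieval from the source; must be writable only by the Knox service user`. The script that creates the directory should also be checked to confirm that it sets the owner and mode accordingly.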
@@ -22,15 +22,63 @@ <configuration supports_final="false"> <property> - <name>audit_store</name> - <value>db</value> - <description>audit_db is solr or db</description> + <name>policymgr_http_enabled</name> + <deleted>true</deleted> </property> <property> - <name>audit_solr_url</name> - <value>http://localhost:6083/solr/ranger_audits</value> - <description>URL to Solr. E.g. http://solr_host:6083/solr/ranger_audits</description> + <name>authentication_method</name> + <deleted>true</deleted> + </property> + + <property> + <name>remoteLoginEnabled</name> + <deleted>true</deleted> + </property> + + <property> + <name>authServiceHostName</name> + <deleted>true</deleted> + </property> + + <property> + <name>authServicePort</name> + <deleted>true</deleted> + </property> + + <property> + <name>xa_ldap_url</name> + <deleted>true</deleted> + </property> + + <property> + <name>xa_ldap_userDNpattern</name> + <deleted>true</deleted> + </property> + + <property> + <name>xa_ldap_groupSearchBase</name> + <deleted>true</deleted> + </property> + + <property> + <name>xa_ldap_groupSearchFilter</name> + <deleted>true</deleted> + </property> + + <property> + <name>xa_ldap_groupRoleAttribute</name> + <deleted>true</deleted> + </property> + + <property> + <name>xa_ldap_ad_domain</name> + <deleted>true</deleted> + </property> + + <property> + <name>xa_ldap_ad_url</name> + <deleted>true</deleted> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml new file mode 100644 index 0000000..8de5b06 --- /dev/null 
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml 
@@ -0,0 +1,227 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration supports_final="true">
+
+ <property>
+ <name>ranger.service.host</name>
+ <value>{{ranger_host}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.service.http.enabled</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.service.http.port</name>
+ <value>6080</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.service.https.port</name>
+ <value>6182</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.service.https.attrib.ssl.enabled</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.service.https.attrib.clientAuth</name>
+ <value>false</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.service.https.attrib.keystore.keyalias</name>
+ <value>mkey</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.service.https.attrib.keystore.pass</name>
+ <value>ranger</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.https.attrib.keystore.file</name>
+ <value>/etc/ranger/admin/keys/server.jks</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.externalurl</name>
+ <value>{{ranger_external_url}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.driver</name>
+ <value>net.sf.log4jdbc.DriverSpy</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.url</name>
+ <value>jdbc:log4jdbc:{{db_flavor}}://{{db_host}}/{{ranger_db_name}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.user</name>
+ <value>{{ranger_db_user}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.jdbc.credential.alias</name>
+ <value>rangeradmin</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.credential.provider.path</name>
+ <value>/etc/ranger/admin/rangeradmin.jceks</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.audit.source.type</name>
+ <value>db</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.solr.url</name>
+ <value>http://solr_host:6083/solr/ranger_audits</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.authentication.method</name>
+ <value>UNIX</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.url</name>
+ <value>ldap://71.127.43.33:389</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.user.dnpattern</name>
+ <value>uid={0},ou=users,dc=xasecure,dc=net</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.group.searchbase</name>
+ <value>ou=groups,dc=xasecure,dc=net</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.group.searchfilter</name>
+ <value>(member=uid={0},ou=users,dc=xasecure,dc=net)</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.group.roleattribute</name>
+ <value>cn</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.domain</name>
+ <value>localhost</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.ldap.ad.url</name>
+ <value>ldap://ad.xasecure.net:389</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.audit.jdbc.driver</name>
+ <value>net.sf.log4jdbc.DriverSpy</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.audit.jdbc.url</name>
+ <value>jdbc:log4jdbc:{{db_flavor}}://{{db_host}}/{{ranger_auditdb_name}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.audit.jdbc.user</name>
+ <value>{{ranger_audit_db_user}}</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.audit.jdbc.password</name>
+ <value>_</value>
+ <property-type>PASSWORD</property-type>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.jpa.audit.jdbc.credential.alias</name>
+ <value>rangeraudit</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.unixauth.remote.login.enabled</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.unixauth.service.hostname</name>
+ <value>localhost</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>ranger.unixauth.service.port</name>
+ <value>5151</value>
+ <description></description>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml
----------------------------------------------------------------------
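Review bot: `ranger.ldap.url` defaults to `ldap://71.127.43.33:389`, a literal address that looks like a leftover from a development environment, and `ranger.ldap.ad.url` likewise uses unencrypted `ldap://`. With `ranger.authentication.method` left at `UNIX` this is inert, but an operator who switches the method to LDAP without touching the URL would have Ranger Admin send user credentials to that host in cleartext. I would ship a neutral placeholder such as `ldap://ldap.example.com:389` (constructed sample) or an empty value, and fill in the empty `<description>` to say that `ldaps://` is expected in production. Separately, `ranger.jpa.jdbc.driver` and `ranger.jpa.audit.jdbc.driver` are set to `net.sf.log4jdbc.DriverSpy`, a logging wrapper; it is worth confirming that SQL logging is off by default so statement values do not end up in log files.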
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml
new file mode 100644
index 0000000..b5bb3b3
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-env.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="true">
+
+ <property>
+ <name>xml_configurations_supported</name>
+ <value>true</value>
+ <description></description>
+ </property>
+
+ <property>
+ <name>oracle_home</name>
+ <deleted>true</deleted>
+ </property>
+
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ambari/blob/e50a2ac3/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-site.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-site.xml
new file mode 100644
index 0000000..950d3eb
--- /dev/null
+++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-site.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration supports_final="false" supports_do_not_extend="true">
+
+ <property>
+ <name>http.service.port</name>
+ <value>6080</value>
+ <description>The http port to be used</description>
+ </property>
+
+ <property>
+ <name>https.service.port</name>
+ <value>6182</value>
+ <description>The secured https port to be used</description>
+ </property>
+
+ <property>
+ <name>https.attrib.keystoreFile</name>
+ <value>/etc/ranger/admin/keys/server.jks</value>
+ <description>The keystore file location</description>
+ </property>
+
+ <property>
+ <name>https.attrib.keystorePass</name>
+ <value>ranger</value>
+ <description>The keystore pass to be used </description>
+ </property>
+
+ <property>
+ <name>https.attrib.keyAlias</name>
+ <value>myKey</value>
+ <description>The key alias to be used </description>
+ </property>
+
+ <property>
+ <name>https.attrib.clientAuth</name>
+ <value>want</value>
+ <description>The client auth to be used </description>
+ </property>
+
+ <property>
+ <name>http.enabled</name>
+ <value>true</value>
+ <description>http enabled or https enabled </description>
+ </property>
+
+</configuration>
\ No newline at end of file
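Review bot: The TLS listener settings here disagree with ranger-admin-site.xml in the same commit: `https.attrib.keyAlias` is `myKey` while `ranger.service.https.attrib.keystore.keyalias` is `mkey`, and `https.attrib.clientAuth` is `want` while `ranger.service.https.attrib.clientAuth` is `false`. Both files point at `/etc/ranger/admin/keys/server.jks`, so if they describe the same listener, one of the aliases will not match the key in the keystore. I would align the two values, or note in the descriptions which file takes effect. The description of `http.enabled`, `http enabled or https enabled`, also does not say which protocol `true` selects; something like `true serves the admin UI over plain HTTP, false over HTTPS` would help, if that is indeed the meaning.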
