Repository: ambari Updated Branches: refs/heads/trunk 544c74e72 -> 045d612ef
AMBARI-11213 : KMS changes on Ambari to avoid running setup on each restart (Gautam Borad via jluniya) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/045d612e Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/045d612e Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/045d612e Branch: refs/heads/trunk Commit: 045d612efd2488145db07ee8966f802e90b03d26 Parents: 544c74e Author: Jayush Luniya <[email protected]> Authored: Wed May 20 17:29:15 2015 -0700 Committer: Jayush Luniya <[email protected]> Committed: Wed May 20 17:29:15 2015 -0700 ---------------------------------------------------------------------- .../0.5.0.2.3/configuration/dbks-site.xml | 90 +++++++ .../0.5.0.2.3/configuration/kms-properties.xml | 195 +------------- .../configuration/ranger-kms-audit.xml | 270 +++++++++++++++++++ .../configuration/ranger-kms-policymgr-ssl.xml | 59 ++++ .../configuration/ranger-kms-security.xml | 59 ++++ .../0.5.0.2.3/configuration/ranger-kms-site.xml | 47 ++++ .../RANGER_KMS/0.5.0.2.3/metainfo.xml | 1 + .../RANGER_KMS/0.5.0.2.3/package/scripts/kms.py | 236 +++++++++++++--- .../0.5.0.2.3/package/scripts/kms_server.py | 10 +- .../0.5.0.2.3/package/scripts/params.py | 115 +++++--- ambari-web/app/data/HDP2.3/site_properties.js | 10 + 11 files changed, 828 insertions(+), 264 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/dbks-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/dbks-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/dbks-site.xml new file mode 100644 index 0000000..8291e02 --- /dev/null 
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/dbks-site.xml 
@@ -0,0 +1,90 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> + +<configuration> + + <property> + <name>hadoop.kms.blacklist.DECRYPT_EEK</name> + <value>hdfs</value> + <description>Blacklist for decrypt EncryptedKey CryptoExtension operations</description> + </property> + + <property> + <name>ranger.db.encrypt.key.password</name> + <value>_</value> + <description>Password used for encrypting Master Key</description> + </property> + + <property> + <name>ranger.ks.jpa.jdbc.url</name> + <value>{{db_jdbc_url}}</value> + <description>URL for Database</description> + </property> + + <property> + <name>ranger.ks.jpa.jdbc.user</name> + <value>{{db_user}}</value> + <description>Database username used for operation</description> + </property> + + <property> + <name>ranger.ks.jpa.jdbc.password</name> + <value>_</value> + <description>Database user's password</description> + </property> + + <property> + <name>ranger.ks.jpa.jdbc.credential.provider.path</name> + <value>/etc/ranger/kms/rangerkms.jceks</value> + <description>Credential provider path</description> + </property> + + <property> + <name>ranger.ks.jpa.jdbc.credential.alias</name> + 
<value>ranger.ks.jdbc.password</value> + <description>Credential alias used for password</description> + </property> + + <property> + <name>ranger.ks.masterkey.credential.alias</name> + <value>ranger.ks.masterkey.password</value> + <description>Credential alias used for masterkey</description> + </property> + + <property> + <name>ranger.ks.jpa.jdbc.dialect</name> + <value>{{jdbc_dialect}}</value> + <description>Dialect used for database</description> + </property> + + <property> + <name>ranger.ks.jpa.jdbc.driver</name> + <value>{{db_jdbc_driver}}</value> + <description>Driver used for database</description> + </property> + + <property> + <name>ranger.ks.jdbc.sqlconnectorjar</name> + <value>{{driver_curl_target}}</value> + <description>Driver used for database</description> + </property> + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml index fee9014..361e52d 100644 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/kms-properties.xml 
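Review bot: The two password properties in the new dbks-site.xml, `ranger.db.encrypt.key.password` and `ranger.ks.jpa.jdbc.password`, have no `<property-type>PASSWORD</property-type>` marker, unlike `db_root_password` and `db_password` in kms-properties.xml. The shipped value is the `_` placeholder, and the credential aliases suggest the real secrets are meant to live in `/etc/ranger/kms/rangerkms.jceks`. If an operator ever enters a real value here, it would presumably be treated as an ordinary text field. I would add `<property-type>PASSWORD</property-type>` to both and say in each description that the value is a placeholder resolved through the credential alias. Separately, `ranger.ks.jdbc.sqlconnectorjar` reuses the description "Driver used for database"; `Path to the JDBC connector jar` would distinguish it from `ranger.ks.jpa.jdbc.driver`.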
@@ -40,26 +40,14 @@ </property> <property> - <name>SQL_COMMAND_INVOKER</name> - <value>'mysql'</value> - <description></description> - </property> - - <property> - <name>SQL_CONNECTOR_JAR</name> - <value>/usr/share/java/mysql-connector-java.jar</value> - <description></description> - </property> - - <property> <name>db_root_user</name> <value>root</value> <description></description> </property> - <property require-input="true"> + <property> <name>db_root_password</name> - <value></value> + <value>vagrant</value> <property-type>PASSWORD</property-type> <description></description> </property> @@ -80,11 +68,11 @@ <name>db_user</name> <value>rangerkms</value> <description></description> - </property> + </property> - <property require-input="true"> + <property> <name>db_password</name> - <value></value> + <value>rangerkms</value> <property-type>PASSWORD</property-type> <description></description> </property> 
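Review bot: `db_root_password` now ships with the literal default `vagrant` and loses `require-input="true"`, so an install that accepts the defaults gets a publicly known database root password for the Ranger KMS database. The second hunk on this line (`@@ -80,11 +68,11 @@`) does the same for `db_password`, defaulting it to `rangerkms`, which is identical to the `db_user` value. `vagrant` looks like a development-environment value committed by accident. I would restore `<property require-input="true">` with an empty `<value></value>` on both properties, so the operator has to choose the passwords at install time.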
@@ -96,175 +84,4 @@ <description></description> </property> - <property> - <name>POLICY_MGR_URL</name> - <value>{{policymgr_mgr_url}}</value> - <description></description> - </property> - - <property> - <name>REPOSITORY_NAME</name> - <value>{{repo_name}}</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.DB.IS_ENABLED</name> - <value>true</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.DB.FLAVOUR</name> - <value>{{xa_audit_db_flavor}}</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.DB.HOSTNAME</name> - <value>{{xa_db_host}}</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.DB.DATABASE_NAME</name> - <value>{{xa_audit_db_name}}</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.DB.USER_NAME</name> - <value>{{xa_audit_db_user}}</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.DB.PASSWORD</name> - <value>{{xa_audit_db_password}}</value> - <property-type>PASSWORD</property-type> - <description></description> - </property> - - <property> - <name>XAAUDIT.SOLR.IS_ENABLED</name> - <value>false</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.SOLR.MAX_QUEUE_SIZE</name> - <value>1</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS</name> - <value>1000</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.SOLR.SOLR_URL</name> - <value>http://localhost:6083/solr/ranger_audits</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.IS_ENABLED</name> - <value>false</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.DESTINATION_DIRECTORY</name> - <value>hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value> - <description></description> - </property> - - <property> 
- <name>XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY</name> - <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY</name> - <value>__REPLACE__LOG_DIR/hadoop/%app-type%/audit/archive</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.DESTINTATION_FILE</name> - <value>%hostname%-audit.log</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS</name> - <value>900</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS</name> - <value>86400</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS</name> - <value>60</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.LOCAL_BUFFER_FILE</name> - <value>%time:yyyyMMdd-HHmm.ss%.log</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS</name> - <value>60</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS</name> - <value>600</value> - <description></description> - </property> - - <property> - <name>XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT</name> - <value>10</value> - <description></description> - </property> - - <property> - <name>SSL_KEYSTORE_FILE_PATH</name> - <value>/etc/hadoop/conf/ranger-plugin-keystore.jks</value> - <description></description> - </property> - - <property> - <name>SSL_KEYSTORE_PASSWORD</name> - <value>myKeyFilePassword</value> - <property-type>PASSWORD</property-type> - <description></description> - </property> - - <property> - <name>SSL_TRUSTSTORE_FILE_PATH</name> - <value>/etc/hadoop/conf/ranger-plugin-truststore.jks</value> - <description></description> - </property> - - 
<property> - <name>SSL_TRUSTSTORE_PASSWORD</name> - <value>changeit</value> - <property-type>PASSWORD</property-type> - <description></description> - </property> - -</configuration> \ No newline at end of file +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml new file mode 100644 index 0000000..2801106 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml 
@@ -0,0 +1,270 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.audit.is.enabled</name> + <value>true</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.is.async</name> + <value>true</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.async.max.queue.size</name> + <value>10240</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.async.max.flush.interval.ms</name> + <value>30000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.db.batch.size</name> + <value>100</value> + <description></description> + </property> + + + <property> + <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name> + <value>{{audit_jdbc_url}}</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name> + <value>{{xa_audit_db_user}}</value> + <description></description> + </property> + + <property> + 
<name>xasecure.audit.jpa.javax.persistence.jdbc.password</name> + <value>crypted</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name> + <value>{{jdbc_driver}}</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.credential.provider.file</name> + <value>jceks://file{{credential_file}}</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.is.async</name> + <value>true</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.async.max.queue.size</name> + <value>1048576</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name> + <value>30000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.encoding</name> + <value></value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.directory</name> + <value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.file</name> + <value>%hostname%-audit.log</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name> + <value>900</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name> + <value>86400</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name> + <value>60</value> + <description></description> + </property> + + <property> + 
<name>xasecure.audit.hdfs.config.local.buffer.directory</name> + <value>/var/log/kms/audit</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.buffer.file</name> + <value>%time:yyyyMMdd-HHmm.ss%.log</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name> + <value>8192</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name> + <value>60</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name> + <value>600</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.archive.directory</name> + <value>/var/log/kms/audit/archive</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.hdfs.config.local.archive.max.file.count</name> + <value>10</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.log4j.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.log4j.is.async</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.log4j.async.max.queue.size</name> + <value>10240</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.log4j.async.max.flush.interval.ms</name> + <value>30000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.kafka.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.kafka.async.max.queue.size</name> + <value>1</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.kafka.async.max.flush.interval.ms</name> + 
<value>1000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.kafka.broker_list</name> + <value>localhost:9092</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.kafka.topic_name</name> + <value>ranger_audits</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.solr.is.enabled</name> + <value>false</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.solr.async.max.queue.size</name> + <value>1</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.solr.async.max.flush.interval.ms</name> + <value>1000</value> + <description></description> + </property> + + <property> + <name>xasecure.audit.solr.solr_url</name> + <value>http://localhost:6083/solr/ranger_audits</value> + <description></description> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml new file mode 100644 index 0000000..b0f56a5 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-policymgr-ssl.xml 
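Review bot: Every audit destination in the new ranger-kms-audit.xml is off by default: `xasecure.audit.db.is.enabled`, `xasecure.audit.hdfs.is.enabled`, `xasecure.audit.log4j.is.enabled`, `xasecure.audit.kafka.is.enabled` and `xasecure.audit.solr.is.enabled` are all `false`, while `xasecure.audit.is.enabled` is `true`. The kms-properties.xml entries this commit removes had `XAAUDIT.DB.IS_ENABLED` set to `true`, so unless the scripts override these values, a default install would no longer record KMS key operations anywhere. Either keep one destination on by default (for example `<value>true</value>` for `xasecure.audit.db.is.enabled`) or use the descriptions, which are all empty, to say that the operator must enable one. The HDFS destination value `hdfs://NAMENODE_HOST:8020/...` also appears to be a literal placeholder with no template variable behind it, so it needs editing before that destination can work.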
@@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>xasecure.policymgr.clientssl.keystore</name> + <value>/etc/ranger/kms/conf/ranger-plugin-keystore.jks</value> + <description>Java Keystore files</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.keystore.password</name> + <value>myKeyFilePassword</value> + <description>password for keystore</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore</name> + <value>/etc/ranger/kms/conf/ranger-plugin-truststore.jks</value> + <description>java truststore file</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore.password</name> + <value>changeit</value> + <description>java truststore password</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.keystore.credential.file</name> + <value>jceks://file{{credential_file}}</value> + <description> java keystore credential file</description> + </property> + + <property> + <name>xasecure.policymgr.clientssl.truststore.credential.file</name> + <value>jceks://file{{credential_file}}</value> + <description>java 
truststore credential file</description> + </property> + +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-security.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-security.xml new file mode 100644 index 0000000..b063ec8 --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-security.xml 
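Review bot: `xasecure.policymgr.clientssl.keystore.password` and `xasecure.policymgr.clientssl.truststore.password` ship the sample values `myKeyFilePassword` and `changeit` without a `<property-type>PASSWORD</property-type>` marker. The `SSL_KEYSTORE_PASSWORD` and `SSL_TRUSTSTORE_PASSWORD` entries that this commit removes from kms-properties.xml did have that marker. I would add `<property-type>PASSWORD</property-type>` to both properties. If the real secrets are meant to come from the `jceks://file{{credential_file}}` store named by the two `credential.file` properties, the descriptions should say that these values are placeholders which must be replaced. As written, a deployment that keeps the defaults protects the client keystore for the Ranger Admin connection with a well-known password.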
@@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> +<configuration> + + <property> + <name>ranger.plugin.kms.service.name</name> + <value>{{repo_name}}</value> + <description>Name of the Ranger service containing policies for this kms instance</description> + </property> + + <property> + <name>ranger.plugin.kms.policy.source.impl</name> + <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value> + <description>Class to retrieve policies from the source</description> + </property> + + <property> + <name>ranger.plugin.kms.policy.rest.url</name> + <value>{{policymgr_mgr_url}}</value> + <description>URL to Ranger Admin</description> + </property> + + <property> + <name>ranger.plugin.kms.policy.rest.ssl.config.file</name> + <value>/etc/kms/conf/ranger-policymgr-ssl.xml</value> + <description>Path to the file containing SSL details to contact Ranger Admin</description> + </property> + + <property> + <name>ranger.plugin.kms.policy.pollIntervalMs</name> + <value>30000</value> + <description>How often to poll for changes in policies?</description> + </property> + + <property> + <name>ranger.plugin.kms.policy.cache.dir</name> + 
<value>/etc/ranger/{{repo_name}}/policycache</value> + <description>Directory where Ranger policies are cached after successful retrieval from the source</description> + </property> + +</configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml new file mode 100644 index 0000000..5446dcd --- /dev/null +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-site.xml 
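Review bot: `ranger.plugin.kms.policy.rest.ssl.config.file` points at `/etc/kms/conf/ranger-policymgr-ssl.xml`, but the SSL configuration added by this commit is named ranger-kms-policymgr-ssl.xml and its keystore paths are under `/etc/ranger/kms/conf/`. Where the file is actually rendered is not visible in this hunk. If nothing is written to the referenced path, the plugin would presumably have no keystore or truststore settings when it contacts Ranger Admin at `{{policymgr_mgr_url}}`. Please confirm that the value matches the path the scripts write; if the file lands beside the keystores, it would be `<value>/etc/ranger/kms/conf/ranger-kms-policymgr-ssl.xml</value>`.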
@@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +--> + +<configuration> + <property> + <name>ranger.service.host</name> + <value>{{ranger_admin_hosts}}</value> + </property> + + <property> + <name>ranger.service.http.port</name> + <value>9292</value> + </property> + + <property> + <name>ranger.service.shutdown.port</name> + <value>7085</value> + </property> + + <property> + <name>ranger.contextName</name> + <value>/kms</value> + </property> + + <property> + <name>xa.webapp.dir</name> + <value>./webapp</value> + </property> +</configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/metainfo.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/metainfo.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/metainfo.xml index f956fed..7867c9b 100644 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/metainfo.xml 
+++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/metainfo.xml @@ -77,6 +77,7 @@ <requiredServices> <service>RANGER</service> + <service>HDFS</service> </requiredServices> </service> http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py old mode 100644 new mode 100755 index 018166b..cdc2192 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms.py @@ -24,17 +24,17 @@ import os import json import urllib2, base64, httplib from StringIO import StringIO as BytesIO +from datetime import datetime from resource_management.core.resources.system import File, Directory, Execute from resource_management.libraries.resources.xml_config import XmlConfig from resource_management.libraries.resources.modify_properties_file import ModifyPropertiesFile -from resource_management.core.source import DownloadSource +from resource_management.core.source import DownloadSource, InlineTemplate from resource_management.core.exceptions import Fail from resource_management.core.logger import Logger from resource_management.libraries.functions.format import format -from resource_management.core.shell import as_sudo from resource_management.libraries.functions.ranger_functions import Rangeradmin -def kms(): +def setup_kms_db(): import params if params.has_ranger_admin: 
@@ -43,73 +43,243 @@ def kms(): content = DownloadSource(params.driver_curl_source) ) - File(params.downloaded_connector_path, - content = DownloadSource(params.driver_source) - ) - Directory(params.java_share_dir, mode=0755 ) if not os.path.isfile(params.driver_curl_target): Execute(('cp', '--remove-destination', params.downloaded_custom_connector, params.driver_curl_target), - path=["/bin", "/usr/bin/"], - sudo=True) + path=["/bin", "/usr/bin/"], + sudo=True) + + Directory(os.path.join(params.kms_home, 'ews', 'lib'), + mode=0755 + ) + + if not os.path.isfile(os.path.join(params.kms_home, 'ews', 'webapp', 'lib', params.jdbc_jar_name)): + Execute(('cp', '--remove-destination', params.downloaded_custom_connector, os.path.join(params.kms_home, 'ews', 'webapp', 'lib')), + path=["/bin", "/usr/bin/"], + sudo=True) + + ModifyPropertiesFile(format("/usr/hdp/current/ranger-kms/install.properties"), + properties = params.config['configurations']['kms-properties'] + ) + + dba_setup = format('python {kms_home}/dba_script.py -q') + db_setup = format('python {kms_home}/db_setup.py') + + Execute(dba_setup, environment={'RANGER_KMS_HOME':params.kms_home, 'JAVA_HOME': params.java_home}, logoutput=True) + Execute(db_setup, environment={'RANGER_KMS_HOME':params.kms_home, 'JAVA_HOME': params.java_home}, logoutput=True) + +def setup_java_patch(): + import params + + if params.has_ranger_admin: + + setup_java_patch = format('python {kms_home}/db_setup.py -javapatch') + Execute(setup_java_patch, environment={'RANGER_KMS_HOME':params.kms_home, 'JAVA_HOME': params.java_home}, logoutput=True) + + kms_lib_path = format('{kms_home}/ews/webapp/lib/') + files = os.listdir(kms_lib_path) + hadoop_jar_files = [] + + for x in files: + if x.startswith('hadoop-common') and x.endswith('.jar'): + hadoop_jar_files.append(x) + + if len(hadoop_jar_files) != 0: + for f in hadoop_jar_files: + Execute(('jar','-uf', format('{kms_home}/ews/webapp/lib/{f}'), 
format('{kms_home}/ews/webapp/META-INF/services/org.apache.hadoop.crypto.key.KeyProviderFactory')), + sudo=True) + + File(format('{kms_home}/ews/webapp/lib/{f}'), owner=params.kms_user, group=params.kms_group) + + +def do_keystore_setup(cred_provider_path, credential_alias, credential_password): + import params + + if cred_provider_path is not None: + cred_setup = format('{cred_setup_prefix} -f {cred_provider_path} -k "{credential_alias}" -v "{credential_password}" -c 1') + + Execute(cred_setup, logoutput=True) + + File(cred_provider_path, + owner = params.kms_user, + group = params.kms_group + ) + +def kms(): + import params + + if params.has_ranger_admin: + + File(params.downloaded_connector_path, + content = DownloadSource(params.driver_source) + ) if not os.path.isfile(params.driver_target): Execute(('cp', '--remove-destination', params.downloaded_connector_path, params.driver_target), path=["/bin", "/usr/bin/"], sudo=True) + Directory(os.path.join(params.kms_home, 'ews', 'webapp', 'WEB-INF', 'classes', 'lib'), + mode=0755, + owner=params.kms_user, + group=params.kms_group + ) + + Execute(('cp',format('{kms_home}/ranger-kms-initd'),'/etc/init.d/ranger-kms'), + not_if=format('ls /etc/init.d/ranger-kms'), + only_if=format('ls {kms_home}/ranger-kms-initd'), + sudo=True) + + File('/etc/init.d/ranger-kms', + mode = 0755 + ) + + Execute(('chown','-R',format('{kms_user}:{kms_group}'), format('{kms_home}/')), sudo=True) + + Execute(('ln','-sf', format('{kms_home}/ranger-kms'),'/usr/bin/ranger-kms'), + not_if=format('ls /usr/bin/ranger-kms'), + only_if=format('ls {kms_home}/ranger-kms'), + sudo=True) + + File('/usr/bin/ranger-kms', mode = 0755) + + Execute(('ln','-sf', format('{kms_home}/ranger-kms'),'/usr/bin/ranger-kms-services.sh'), + not_if=format('ls /usr/bin/ranger-kms-services.sh'), + only_if=format('ls {kms_home}/ranger-kms'), + sudo=True) + + File('/usr/bin/ranger-kms-services.sh', mode = 0755) + + Execute(('ln','-sf', 
format('{kms_home}/ranger-kms-initd'),format('{kms_home}/ranger-kms-services.sh')), + not_if=format('ls {kms_home}/ranger-kms-services.sh'), + only_if=format('ls {kms_home}/ranger-kms-initd'), + sudo=True) + + File(format('{kms_home}/ranger-kms-services.sh'), mode = 0755) + + Directory(params.kms_log_dir, + owner = params.kms_user, + group = params.kms_group, + mode = 0775 + ) + + do_keystore_setup(params.credential_provider_path, params.jdbc_alias, params.db_password) + do_keystore_setup(params.credential_provider_path, params.masterkey_alias, params.kms_master_key_password) + + XmlConfig("dbks-site.xml", + conf_dir=params.kms_conf_dir, + configurations=params.config['configurations']['dbks-site'], + configuration_attributes=params.config['configuration_attributes']['dbks-site'], + owner=params.kms_user, + group=params.kms_group + ) + + XmlConfig("ranger-kms-site.xml", + conf_dir=params.kms_conf_dir, + configurations=params.config['configurations']['ranger-kms-site'], + configuration_attributes=params.config['configuration_attributes']['ranger-kms-site'], + owner=params.kms_user, + group=params.kms_group + ) + + XmlConfig("kms-site.xml", + conf_dir=params.kms_conf_dir, + configurations=params.config['configurations']['kms-site'], + configuration_attributes=params.config['configuration_attributes']['kms-site'], + owner=params.kms_user, + group=params.kms_group + ) + + File(os.path.join(params.kms_conf_dir, "kms-log4j.properties"), + owner=params.kms_user, + group=params.kms_group, + content=params.kms_log4j + ) + +def enable_kms_plugin(): + + import params + + if params.has_ranger_admin: + ranger_adm_obj = Rangeradmin(url=params.policymgr_mgr_url) response_code, response_recieved = ranger_adm_obj.check_ranger_login_urllib2(params.policymgr_mgr_url + '/login.jsp', 'test:test') if response_code is not None and response_code == 200: ambari_ranger_admin, ambari_ranger_password = ranger_adm_obj.create_ambari_admin_user(params.ambari_ranger_admin, 
params.ambari_ranger_password, params.admin_uname_password) ambari_username_password_for_ranger = ambari_ranger_admin + ':' + ambari_ranger_password else: - raise Fail('Ranger service is not started on given host') + raise Fail('Ranger service is not started on given host') - if ambari_ranger_admin != '' and ambari_ranger_password != '': + if ambari_ranger_admin != '' and ambari_ranger_password != '': get_repo_flag = get_repo(params.policymgr_mgr_url, params.repo_name, ambari_username_password_for_ranger) if not get_repo_flag: create_repo(params.policymgr_mgr_url, json.dumps(params.kms_ranger_plugin_repo), ambari_username_password_for_ranger) else: raise Fail('Ambari admin username and password not available') - file_path = format('{kms_home}/install.properties') - if not os.path.isfile(file_path): - raise Fail(format('Ranger kms install.properties file does not exist at {file_path}')) + current_datetime = datetime.now() - ModifyPropertiesFile(file_path, - properties = params.config['configurations']['kms-properties'] + File(format('{kms_conf_dir}/ranger-security.xml'), + owner = params.kms_user, + group = params.kms_group, + mode = 0644, + content = InlineTemplate(format('<ranger>\n<enabled>{current_datetime}</enabled>\n</ranger>')) ) - env_dict = {'JAVA_HOME': params.java_home, 'RANGER_HOME': params.kms_home} - setup_sh = format("cd {kms_home} && ") + as_sudo([format('{kms_home}/setup.sh')]) - Execute(setup_sh, environment=env_dict, logoutput=True) + Directory([os.path.join('/etc', 'ranger', params.repo_name), os.path.join('/etc', 'ranger', params.repo_name, 'policycache')], + owner = params.kms_user, + group = params.kms_group, + mode=0775, + recursive = True + ) + + File(os.path.join('/etc', 'ranger', params.repo_name, 'policycache',format('kms_{repo_name}.json')), + owner = params.kms_user, + group = params.kms_group, + mode = 0644 + ) - XmlConfig("kms-site.xml", + XmlConfig("ranger-kms-audit.xml", conf_dir=params.kms_conf_dir, - 
configurations=params.config['configurations']['kms-site'], - configuration_attributes=params.config['configuration_attributes']['kms-site'], + configurations=params.config['configurations']['ranger-kms-audit'], + configuration_attributes=params.config['configuration_attributes']['ranger-kms-audit'], owner=params.kms_user, - group=params.kms_group - ) + group=params.kms_group, + mode=0744) - File(os.path.join(params.kms_conf_dir, "kms-log4j.properties"), + XmlConfig("ranger-kms-security.xml", + conf_dir=params.kms_conf_dir, + configurations=params.config['configurations']['ranger-kms-security'], + configuration_attributes=params.config['configuration_attributes']['ranger-kms-security'], owner=params.kms_user, group=params.kms_group, - content=params.kms_log4j - ) + mode=0744) - File(format('{kms_conf_dir}/dbks-site.xml'), + XmlConfig("ranger-policymgr-ssl.xml", + conf_dir=params.kms_conf_dir, + configurations=params.config['configurations']['ranger-kms-policymgr-ssl'], + configuration_attributes=params.config['configuration_attributes']['ranger-kms-policymgr-ssl'], owner=params.kms_user, - group=params.kms_group - ) + group=params.kms_group, + mode=0744) - File(format('{kms_home}/ranger-kms'), - mode=0755 - ) + if params.xa_audit_db_is_enabled: + cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "auditDBCred" -v "{xa_audit_db_password}" -c 1') + Execute(cred_setup, logoutput=True) + + cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslKeyStore" -v "{ssl_keystore_password}" -c 1') + Execute(cred_setup, logoutput=True) + + cred_setup = format('{cred_setup_prefix} -f {credential_file} -k "sslTrustStore" -v "{ssl_truststore_password}" -c 1') + Execute(cred_setup, logoutput=True) + + File(params.credential_file, + owner = params.kms_user, + group = params.kms_group) + def create_repo(url, data, usernamepassword): try: 
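Review bot: `do_keystore_setup` interpolates `credential_password` into a shell string (`-v "{credential_password}"`) and runs it with `logoutput=True`, so a password containing `"`, `$` or a backtick is interpreted by the shell, and the secret ends up in the process arguments and possibly in the agent log. The three `cred_setup` commands at the end of `enable_kms_plugin` (auditDBCred, sslKeyStore, sslTrustStore) follow the same pattern. Passing the arguments as a tuple, as the `cp` calls in this hunk already do, avoids the shell-quoting problem, and `logoutput=False` keeps the helper's output out of the log; the value would still be visible in the process list unless the helper can receive it another way. Separately, the three plugin `XmlConfig` files are written with `mode=0744`, which is world-readable and owner-executable; `ranger-policymgr-ssl.xml` is rendered from the config section that params.py reads the keystore and truststore passwords from, so `mode=0640` looks like the safer choice.

```python
def do_keystore_setup(cred_provider_path, credential_alias, credential_password):
  # … unchanged: import params, cred_provider_path None check …
    cred_setup = ('python', format('{kms_home}/ranger_credential_helper.py'),
                  '-l', params.cred_lib_path,
                  '-f', cred_provider_path,
                  '-k', credential_alias,
                  '-v', credential_password,
                  '-c', '1')
    # Argument list: no shell parsing of the secret; helper output stays out of the log.
    Execute(cred_setup, logoutput=False)
  # … unchanged: File(cred_provider_path, owner/group) …
```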
http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py old mode 100644 new mode 100755 index b6020ff..4be76ef --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/kms_server.py @@ -23,14 +23,19 @@ from resource_management.core.exceptions import ComponentIsNotRunning from resource_management.libraries.functions.format import format from resource_management.core.logger import Logger from resource_management.core import shell -from kms import kms +from kms import kms, setup_kms_db, setup_java_patch, enable_kms_plugin from kms_service import kms_service class KmsServer(Script): def install(self, env): self.install_packages(env) + import params + env.set_params(params) + + setup_kms_db() self.configure(env) + setup_java_patch() def stop(self, env, rolling_restart=False): import params @@ -43,9 +48,10 @@ class KmsServer(Script): env.set_params(params) self.configure(env) + enable_kms_plugin() kms_service(action = 'start') - def status(self, env): + def status(self, env): kms_service(action = 'status') def configure(self, env): http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py ---------------------------------------------------------------------- 
diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py old mode 100644 new mode 100755 index d02d0cf..3d0ce0c --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/package/scripts/params.py @@ -17,8 +17,9 @@ See the License for the specific language governing permissions and limitations under the License. """ +import os from resource_management.libraries.script import Script -from resource_management.libraries.functions.version import format_hdp_stack_version +from resource_management.libraries.functions.version import format_hdp_stack_version, compare_versions from resource_management.libraries.functions.format import format from resource_management.libraries.functions.default import default @@ -37,7 +38,7 @@ if stack_is_hdp23_or_further: kms_home = '/usr/hdp/current/ranger-kms' kms_conf_dir = '/etc/ranger/kms/conf' - +kms_log_dir = config['configurations']['kms-env']['kms_log_dir'] java_home = config['hostLevelParams']['java_home'] kms_user = default("/configurations/kms-env/kms_user", "kms") kms_group = default("/configurations/kms-env/kms_group", "kms") 
@@ -52,41 +53,60 @@ kms_host = config['clusterHostInfo']['ranger_kms_server_hosts'][0] kms_port = config['configurations']['kms-env']['kms_port'] #kms properties -policymgr_mgr_url = format('http://{ranger_admin_hosts}:6080') -sql_connector_jar = config['configurations']['kms-properties']['SQL_CONNECTOR_JAR'] -db_flavor = config['configurations']['kms-properties']['DB_FLAVOR'] -xa_audit_db_flavor = config['configurations']['admin-properties']['DB_FLAVOR'] -xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name'] -xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user'] -xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password'] -xa_db_host = config['configurations']['admin-properties']['db_host'] +db_flavor = (config['configurations']['kms-properties']['DB_FLAVOR']).lower() +db_host = config['configurations']['kms-properties']['db_host'] +db_name = config['configurations']['kms-properties']['db_name'] +db_user = config['configurations']['kms-properties']['db_user'] +db_password = unicode(config['configurations']['kms-properties']['db_password']) +kms_master_key_password = unicode(config['configurations']['kms-properties']['KMS_MASTER_KEY_PASSWD']) +credential_provider_path = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.credential.provider.path'] +jdbc_alias = config['configurations']['dbks-site']['ranger.ks.jpa.jdbc.credential.alias'] +masterkey_alias = config['configurations']['dbks-site']['ranger.ks.masterkey.credential.alias'] repo_name = str(config['clusterName']) + '_kms' +cred_lib_path = os.path.join(kms_home,"cred","lib","*") +cred_setup_prefix = format('python {kms_home}/ranger_credential_helper.py -l "{cred_lib_path}"') +credential_file = format('/etc/ranger/kms/{repo_name}/cred.jceks') -repo_config_username = config['configurations']['kms-properties']['REPOSITORY_CONFIG_USERNAME'] -repo_config_password = 
config['configurations']['kms-properties']['REPOSITORY_CONFIG_PASSWORD'] - -admin_uname = config['configurations']['ranger-env']['admin_username'] -admin_password = config['configurations']['ranger-env']['admin_password'] - -ambari_ranger_admin = config['configurations']['ranger-env']['ranger_admin_username'] -ambari_ranger_password = config['configurations']['ranger-env']['ranger_admin_password'] - -admin_uname_password = format("{admin_uname}:{admin_password}") +if has_ranger_admin: + policymgr_mgr_url = config['configurations']['admin-properties']['policymgr_external_url'] + xa_audit_db_flavor = (config['configurations']['admin-properties']['DB_FLAVOR']).lower() + xa_audit_db_name = config['configurations']['admin-properties']['audit_db_name'] + xa_audit_db_user = config['configurations']['admin-properties']['audit_db_user'] + xa_audit_db_password = config['configurations']['admin-properties']['audit_db_password'] + xa_db_host = config['configurations']['admin-properties']['db_host'] + + admin_uname = config['configurations']['ranger-env']['admin_username'] + admin_password = config['configurations']['ranger-env']['admin_password'] + ambari_ranger_admin = config['configurations']['ranger-env']['ranger_admin_username'] + ambari_ranger_password = config['configurations']['ranger-env']['ranger_admin_password'] + admin_uname_password = format("{admin_uname}:{admin_password}") java_share_dir = '/usr/share/java' -if has_ranger_admin: - if db_flavor.lower() == 'mysql': - jdbc_symlink_name = "mysql-jdbc-driver.jar" - jdbc_jar_name = "mysql-connector-java.jar" - elif db_flavor.lower() == 'oracle': - jdbc_jar_name = "ojdbc6.jar" - jdbc_symlink_name = "oracle-jdbc-driver.jar" - elif db_flavor.lower() == 'postgres': - jdbc_jar_name = "postgresql.jar" - jdbc_symlink_name = "postgres-jdbc-driver.jar" - elif db_flavor.lower() == 'sqlserver': - jdbc_jar_name = "sqljdbc4.jar" - jdbc_symlink_name = "mssql-jdbc-driver.jar" + +if db_flavor == 'mysql': + jdbc_symlink_name = 
"mysql-jdbc-driver.jar" + jdbc_jar_name = "mysql-connector-java.jar" + db_jdbc_url = format('jdbc:log4jdbc:mysql://{db_host}/{db_name}') + db_jdbc_driver = "net.sf.log4jdbc.DriverSpy" + jdbc_dialect = "org.eclipse.persistence.platform.database.MySQLPlatform" +elif db_flavor == 'oracle': + jdbc_jar_name = "ojdbc6.jar" + jdbc_symlink_name = "oracle-jdbc-driver.jar" + db_jdbc_url = format('jdbc:oracle:thin:\@//{db_host}') + db_jdbc_driver = "oracle.jdbc.OracleDriver" + jdbc_dialect = "org.eclipse.persistence.platform.database.OraclePlatform" +elif db_flavor == 'postgres': + jdbc_jar_name = "postgresql.jar" + jdbc_symlink_name = "postgres-jdbc-driver.jar" + db_jdbc_url = format('jdbc:postgresql://{db_host}/{db_name}') + db_jdbc_driver = "org.postgresql.Driver" + jdbc_dialect = "org.eclipse.persistence.platform.database.PostgreSQLPlatform" +elif db_flavor == 'sqlserver': + jdbc_jar_name = "sqljdbc4.jar" + jdbc_symlink_name = "mssql-jdbc-driver.jar" + db_jdbc_url = format('jdbc:sqlserver://{db_host};databaseName={db_name}') + db_jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" + jdbc_dialect = "org.eclipse.persistence.platform.database.SQLServerPlatform" downloaded_custom_connector = format("{tmp_dir}/{jdbc_jar_name}") 
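Review bot: The Oracle branch builds `db_jdbc_url` with `format('jdbc:oracle:thin:\@//{db_host}')`, and since `\@` is not a Python escape the resulting URL appears to carry a literal backslash. The same string is used for `audit_jdbc_url` in the next params.py hunk. Unless a consumer strips the backslash, `format('jdbc:oracle:thin:@//{db_host}')` is the form a JDBC driver expects. The `if db_flavor == ...` chain is also no longer guarded by `has_ranger_admin` and has no `else`, so an unsupported `DB_FLAVOR` leaves `jdbc_jar_name` undefined and fails with a NameError at `downloaded_custom_connector`. A final `else` that raises a clear error naming the flavor would make that failure diagnosable.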
@@ -94,23 +114,34 @@ driver_curl_source = format("{jdk_location}/{jdbc_symlink_name}") driver_curl_target = format("{java_share_dir}/{jdbc_jar_name}") if has_ranger_admin: - if xa_audit_db_flavor.lower() == 'mysql': + if xa_audit_db_flavor == 'mysql': jdbc_symlink = "mysql-jdbc-driver.jar" jdbc_jar = "mysql-connector-java.jar" - elif xa_audit_db_flavor.lower() == 'oracle': + audit_jdbc_url = format('jdbc:mysql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "com.mysql.jdbc.Driver" + elif xa_audit_db_flavor == 'oracle': jdbc_jar = "ojdbc6.jar" jdbc_symlink = "oracle-jdbc-driver.jar" - elif xa_audit_db_flavor.lower() == 'postgres': + audit_jdbc_url = format('jdbc:oracle:thin:\@//{xa_db_host}') + jdbc_driver = "oracle.jdbc.OracleDriver" + elif xa_audit_db_flavor == 'postgres': jdbc_jar = "postgresql.jar" jdbc_symlink = "postgres-jdbc-driver.jar" - elif xa_audit_db_flavor.lower() == 'sqlserver': + audit_jdbc_url = format('jdbc:postgresql://{xa_db_host}/{xa_audit_db_name}') + jdbc_driver = "org.postgresql.Driver" + elif xa_audit_db_flavor == 'sqlserver': jdbc_jar = "sqljdbc4.jar" jdbc_symlink = "mssql-jdbc-driver.jar" + audit_jdbc_url = format('jdbc:sqlserver://{xa_db_host};databaseName={xa_audit_db_name}') + jdbc_driver = "com.microsoft.sqlserver.jdbc.SQLServerDriver" -downloaded_connector_path = format("{tmp_dir}/{jdbc_jar}") + downloaded_connector_path = format("{tmp_dir}/{jdbc_jar}") -driver_source = format("{jdk_location}/{jdbc_symlink}") -driver_target = format("{java_share_dir}/{jdbc_jar}") + driver_source = format("{jdk_location}/{jdbc_symlink}") + driver_target = format("{java_share_dir}/{jdbc_jar}") + +repo_config_username = config['configurations']['kms-properties']['REPOSITORY_CONFIG_USERNAME'] +repo_config_password = unicode(config['configurations']['kms-properties']['REPOSITORY_CONFIG_PASSWORD']) kms_plugin_config = { 'username' : repo_config_username, 
@@ -125,3 +156,7 @@ kms_ranger_plugin_repo = { 'name' : repo_name, 'type' : 'kms' } + +xa_audit_db_is_enabled = config['configurations']['ranger-kms-audit']['xasecure.audit.db.is.enabled'] +ssl_keystore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.keystore.password']) +ssl_truststore_password = unicode(config['configurations']['ranger-kms-policymgr-ssl']['xasecure.policymgr.clientssl.truststore.password']) http://git-wip-us.apache.org/repos/asf/ambari/blob/045d612e/ambari-web/app/data/HDP2.3/site_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js index b41cd78..6d186c7 100644 --- a/ambari-web/app/data/HDP2.3/site_properties.js +++ b/ambari-web/app/data/HDP2.3/site_properties.js @@ -244,6 +244,16 @@ hdp23properties.push({ }, { "id": "site property", + "name": "xasecure.audit.hdfs.config.encoding", + "displayName": "xasecure.audit.hdfs.config.encoding", + "defaultValue": "", + "isRequired": false, + "filename": "ranger-kms-audit.xml", + "category": "Advanced ranger-kms-audit", + "serviceName": "RANGER_KMS" + }, + { + "id": "site property", "name": "ranger-yarn-plugin-enabled", "displayType": "checkbox", "displayName": "Enable Ranger for YARN",
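Review bot: In the last params.py hunk, `xa_audit_db_is_enabled` is taken straight from the config and later used as a bare truth test (`if params.xa_audit_db_is_enabled:` in kms.py). If the value arrives as the string `"false"`, that test is still true and the auditDBCred step runs anyway. Normalising it here, e.g. `xa_audit_db_is_enabled = str(config['configurations']['ranger-kms-audit']['xasecure.audit.db.is.enabled']).lower() == 'true'`, would make the flag behave as named; this assumes the property is delivered as text, which the hunk does not show. Note also that `xa_audit_db_password`, which that step needs, is only defined under `has_ranger_admin` earlier in the file.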
