Repository: ambari Updated Branches: refs/heads/trunk eb3f9cf74 -> 585165305
Fix Ranger RU for Hive, Knox, Storm (Gautam Borad via ncole) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/58516530 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/58516530 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/58516530 Branch: refs/heads/trunk Commit: 58516530508d929ed62d87189e120fc1479ee1ce Parents: eb3f9cf Author: Nate Cole <[email protected]> Authored: Wed Jun 10 15:35:29 2015 -0400 Committer: Nate Cole <[email protected]> Committed: Wed Jun 10 15:35:29 2015 -0400 ---------------------------------------------------------------------- .../0.12.0.2.0/package/scripts/hive_server.py | 2 +- .../package/scripts/setup_ranger_hive.py | 10 +- .../0.5.0.2.2/package/scripts/knox_gateway.py | 2 +- .../package/scripts/setup_ranger_knox.py | 10 +- .../STORM/0.9.1.2.1/package/scripts/nimbus.py | 2 +- .../package/scripts/setup_ranger_storm.py | 10 +- .../0.9.1.2.1/package/scripts/ui_server.py | 2 +- .../stacks/HDP/2.2/upgrades/upgrade-2.3.xml | 114 ++++++++++++------- ambari-web/app/data/HDP2.3/site_properties.js | 2 +- 9 files changed, 99 insertions(+), 55 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py index de7f864..e29df4f 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_server.py @@ -86,7 +86,7 @@ class HiveServerDefault(HiveServer): env.set_params(params) self.configure(env) # FOR SECURITY - setup_ranger_hive() + setup_ranger_hive(rolling_upgrade=rolling_restart) hive_service( 'hiveserver2', action = 'start', rolling_restart=rolling_restart) def stop(self, env, rolling_restart=False): http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py index ac7f473..b0f0c3f 100644 --- a/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py +++ b/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/setup_ranger_hive.py @@ -19,7 +19,7 @@ limitations under the License. """ from resource_management.core.logger import Logger -def setup_ranger_hive(): +def setup_ranger_hive(rolling_upgrade = False): import params if params.has_ranger_admin: @@ -29,6 +29,10 @@ def setup_ranger_hive(): else: from resource_management.libraries.functions.setup_ranger_plugin import setup_ranger_plugin + hdp_version = None + if rolling_upgrade: + hdp_version = params.version + setup_ranger_plugin('hive-server2', 'hive', params.ranger_downloaded_custom_connector, params.ranger_driver_curl_source, params.ranger_driver_curl_target, params.java64_home, @@ -42,7 +46,7 @@ def setup_ranger_hive(): plugin_policymgr_ssl_properties=params.config['configurations']['ranger-hive-policymgr-ssl'], plugin_policymgr_ssl_attributes=params.config['configuration_attributes']['ranger-hive-policymgr-ssl'], component_list=['hive-client', 'hive-metastore', 'hive-server2'], audit_db_is_enabled=params.xa_audit_db_is_enabled, credential_file=params.credential_file, xa_audit_db_password=params.xa_audit_db_password, - ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password - ) + ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password, + hdp_version_override = hdp_version) else: Logger.info('Ranger admin not installed') http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py index d9c9565..fab849c 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/knox_gateway.py @@ -150,7 +150,7 @@ class KnoxGatewayDefault(KnoxGateway): self.configure(env) daemon_cmd = format('{knox_bin} start') no_op_test = format('ls {knox_pid_file} >/dev/null 2>&1 && ps -p `cat {knox_pid_file}` >/dev/null 2>&1') - setup_ranger_knox() + setup_ranger_knox(rolling_upgrade=rolling_restart) # Used to setup symlink, needed to update the knox managed symlink, in case of custom locations if os.path.islink(params.knox_managed_pid_symlink) and os.path.realpath(params.knox_managed_pid_symlink) != params.knox_pid_dir: os.unlink(params.knox_managed_pid_symlink) http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py index 2db23a0..f1319b3 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/package/scripts/setup_ranger_knox.py @@ -19,7 +19,7 @@ limitations under the License. """ from resource_management.core.logger import Logger -def setup_ranger_knox(): +def setup_ranger_knox(rolling_upgrade = False): import params if params.has_ranger_admin: @@ -29,6 +29,10 @@ def setup_ranger_knox(): else: from resource_management.libraries.functions.setup_ranger_plugin import setup_ranger_plugin + hdp_version = None + if rolling_upgrade: + hdp_version = params.version + setup_ranger_plugin('knox-server', 'knox', params.downloaded_custom_connector, params.driver_curl_source, params.driver_curl_target, params.java_home, @@ -42,7 +46,7 @@ def setup_ranger_knox(): plugin_policymgr_ssl_properties=params.config['configurations']['ranger-knox-policymgr-ssl'], plugin_policymgr_ssl_attributes=params.config['configuration_attributes']['ranger-knox-policymgr-ssl'], component_list=['knox-server'], audit_db_is_enabled=params.xa_audit_db_is_enabled, credential_file=params.credential_file, xa_audit_db_password=params.xa_audit_db_password, - ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password - ) + ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password, + hdp_version_override = hdp_version) else: Logger.info('Ranger admin not installed') \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py index 93f3e05..6f8d5b0 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/nimbus.py @@ -65,7 +65,7 @@ class NimbusDefault(Nimbus): import params env.set_params(params) self.configure(env) - setup_ranger_storm() + setup_ranger_storm(rolling_upgrade=rolling_restart) service("nimbus", action="start") http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py index 3c69b6b..d874ba3 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/setup_ranger_storm.py @@ -19,7 +19,7 @@ limitations under the License. """ from resource_management.core.logger import Logger -def setup_ranger_storm(): +def setup_ranger_storm(rolling_upgrade = False): import params if params.has_ranger_admin and params.security_enabled: @@ -29,6 +29,10 @@ def setup_ranger_storm(): else: from resource_management.libraries.functions.setup_ranger_plugin import setup_ranger_plugin + hdp_version = None + if rolling_upgrade: + hdp_version = params.version + setup_ranger_plugin('storm-nimbus', 'storm', params.downloaded_custom_connector, params.driver_curl_source, params.driver_curl_target, params.java64_home, @@ -42,7 +46,7 @@ def setup_ranger_storm(): plugin_policymgr_ssl_properties=params.config['configurations']['ranger-storm-policymgr-ssl'], plugin_policymgr_ssl_attributes=params.config['configuration_attributes']['ranger-storm-policymgr-ssl'], component_list=['storm-client', 'storm-nimbus'], audit_db_is_enabled=params.xa_audit_db_is_enabled, credential_file=params.credential_file, xa_audit_db_password=params.xa_audit_db_password, - ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password - ) + ssl_truststore_password=params.ssl_truststore_password, ssl_keystore_password=params.ssl_keystore_password, + hdp_version_override = hdp_version) else: Logger.info('Ranger admin not installed') http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py index 7c1fc6f..abe144f 100644 --- a/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py +++ b/ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/ui_server.py @@ -84,7 +84,7 @@ class UiServerDefault(UiServer): import params env.set_params(params) self.configure(env) - setup_ranger_storm() + setup_ranger_storm(rolling_upgrade=rolling_restart) service("ui", action="start") def stop(self, env, rolling_restart=False): http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml index cc5caf1..aa3096f 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/upgrades/upgrade-2.3.xml @@ -330,7 +330,7 @@ </task> <task xsi:type="configure" summary="Updating Ranger Admin"> <type>ranger-admin-site</type> - <transfer operation="copy" from-type="ranger-site" from-key="HTTPS_CLIENT_AUTH" to-key="xasecure.policymgr.clientssl.keystore" default-value="" /> + <transfer operation="copy" from-type="ranger-site" from-key="HTTPS_CLIENT_AUTH" to-key="ranger.service.https.attrib.clientAuth" default-value="" /> <transfer operation="copy" from-type="ranger-site" from-key="HTTPS_KEYSTORE_FILE" to-key="ranger.https.attrib.keystore.file" default-value="" /> <transfer operation="copy" from-type="ranger-site" from-key="HTTPS_KEYSTORE_PASS" to-key="ranger.service.https.attrib.keystore.pass" default-value="" mask="true" /> <transfer operation="copy" from-type="ranger-site" from-key="HTTPS_KEY_ALIAS" to-key="ranger.service.https.attrib.keystore.keyalias" default-value="" /> @@ -349,11 +349,12 @@ <transfer operation="copy" from-type="admin-properties" from-key="xa_ldap_groupRoleAttribute" to-key="ranger.ldap.group.roleattribute" default-value="" /> <transfer operation="copy" from-type="admin-properties" from-key="xa_ldap_ad_domain" to-key="ranger.ldap.ad.domain" default-value="" /> <transfer operation="copy" from-type="admin-properties" from-key="xa_ldap_ad_url" to-key="ranger.ldap.ad.url" default-value="" /> - <transfer operation="copy" from-type="admin-properties" from-key="policymgr_external_url" to-key="ranger.externalurl" default-value="" /> <transfer operation="copy" from-type="admin-properties" from-key="db_user" to-key="ranger.jpa.jdbc.user" default-value="" /> <transfer operation="copy" from-type="admin-properties" from-key="db_password" to-key="ranger.jpa.jdbc.password" default-value="" mask="true" /> <transfer operation="copy" from-type="admin-properties" from-key="audit_db_user" to-key="ranger.jpa.audit.jdbc.user" default-value="" /> <transfer operation="copy" from-type="admin-properties" from-key="audit_db_password" to-key="ranger.jpa.audit.jdbc.password" default-value="" mask="true" /> + + <set key="ranger.externalurl" value="{{ranger_external_url}}" /> </task> <task xsi:type="server_action" summary="Calculating Ranger Properties" class="org.apache.ambari.server.serveraction.upgrades.RangerConfigCalculation" /> @@ -412,6 +413,12 @@ <transfer operation="delete" delete-key="POLICY_MGR_URL" /> <transfer operation="delete" delete-key="" /> </task> + + <task xsi:type="configure"> + <type>ranger-env</type> + <transfer operation="delete" delete-key="oracle_home" /> + <transfer operation="delete" delete-key="" /> + </task> </pre-upgrade> <upgrade> @@ -448,18 +455,19 @@ <task xsi:type="configure" summary="Transitioning Ranger HDFS Audit"> <type>ranger-hdfs-audit</type> <transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="false"/> - <transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit" /> + <transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit" /> <transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true" /> <transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/hadoop/hdfs/audit/hdfs/spool" /> <transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value="" /> <transfer operation="copy" from-type="ranger-hdfs-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.password" mask="true" default-value="" /> - <set key="xasecure.audit.destination.solr" value="true" /> + <set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/> + <set key="xasecure.audit.destination.solr" value="false" /> <set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}" /> - <set key="xasecure.audit.destination.solr.zookeepers" value="" /> - <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/logs/hdfs/audit/solr/spool" /> + <set key="xasecure.audit.destination.solr.zookeepers" value="none" /> + <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/hadoop/hdfs/audit/solr/spool" /> <set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}" /> <set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}" /> - <set key="xasecure.audit.provider.summary.enabled" value="true" /> + <set key="xasecure.audit.provider.summary.enabled" value="false" /> </task> <task xsi:type="configure" summary="Transitioning Ranger HDFS Security"> @@ -479,7 +487,7 @@ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FILE" /> <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS" /> <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS" /> - <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS" /> + <transfer operation="delete" delete-key="SQL_CONNECTOR_JAR" /> <transfer operation="delete" delete-key="SSL_KEYSTORE_FILE_PATH" /> <transfer operation="delete" delete-key="SSL_KEYSTORE_PASSWORD" /> <transfer operation="delete" delete-key="SSL_TRUSTSTORE_FILE_PATH" /> @@ -492,6 +500,9 @@ <transfer operation="delete" delete-key="XAAUDIT.DB.PASSWORD" /> <transfer operation="delete" delete-key="REPOSITORY_NAME" /> <transfer operation="delete" delete-key="POLICY_MGR_URL" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" /> </task> </pre-upgrade> @@ -618,15 +629,16 @@ <task xsi:type="configure" summary="Transitioning Ranger HBase Audit"> <type>ranger-hbase-audit</type> <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="false" /> - <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit" /> + <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit" /> <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true" /> - <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/logs/hadoop/hdfs/audit/hdfs/spool" /> + <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/hbase/audit/hdfs/spool" /> <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value="" /> <transfer operation="copy" from-type="ranger-hbase-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.password" mask="true" default-value="" /> - <set key="xasecure.audit.destination.solr" value="true" /> + <set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/> + <set key="xasecure.audit.destination.solr" value="false" /> <set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}" /> - <set key="xasecure.audit.destination.solr.zookeepers" value="" /> - <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/logs/hbase/audit/solr/spool" /> + <set key="xasecure.audit.destination.solr.zookeepers" value="none" /> + <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/hbase/audit/solr/spool" /> <set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}" /> <set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}" /> <set key="xasecure.audit.provider.summary.enabled" value="true" /> @@ -662,6 +674,9 @@ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" /> <transfer operation="delete" delete-key="XAAUDIT.DB.USER_NAME" /> <transfer operation="delete" delete-key="XAAUDIT.DB.PASSWORD" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" /> </task> </pre-upgrade> @@ -751,26 +766,27 @@ <task xsi:type="configure" summary="Configuring Ranger Hive Security"> <type>ranger-hive-security</type> - <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="POLICY_MGR_URL" to-key="ranger.plugin.hive.service.name" default-value="{{repo_name}}"/> - <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="REPOSITORY_NAME" to-key="ranger.plugin.hive.policy.source.impl" default-value="org.apache.ranger.admin.client.RangerAdminRESTClient"/> + <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="UPDATE_XAPOLICIES_ON_GRANT_REVOKE" to-key="xasecure.hive.update.xapolicies.on.grant.revoke" default-value="true"/> + <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="POLICY_MGR_URL" to-key="ranger.plugin.hive.policy.rest.url" default-value="{{policymgr_mgr_url}}"/> + <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="REPOSITORY_NAME" to-key="ranger.plugin.hive.service.name" default-value="{{repo_name}}"/> </task> <task xsi:type="configure" summary="Configuring Ranger Hive Audit"> <type>ranger-hive-audit</type> - <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="UPDATE_XAPOLICIES_ON_GRANT_REVOKE" to-key="xasecure.hive.update.xapolicies.on.grant.revoke" default-value="TRUE"/> - <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="FALSE"/> - <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit"/> - <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="TRUE"/> - <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/knox/audit/hdfs/spool"/> + <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="true"/> + <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit"/> + <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true"/> + <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/hive/audit/hdfs/spool"/> <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value=""/> - <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.passwordr" default-value="" mask="true"/> - <set key="xasecure.audit.destination.solr" value="TRUE"/> + <transfer operation="copy" from-type="ranger-hive-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.password" default-value="" mask="true"/> + <set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/> + <set key="xasecure.audit.destination.solr" value="false"/> <set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}"/> - <set key="xasecure.audit.destination.solr.zookeepers" value=""/> - <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/knox/audit/solr/spool"/> + <set key="xasecure.audit.destination.solr.zookeepers" value="none"/> + <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/hive/audit/solr/spool"/> <set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}"/> - <set key="xasecure.audit.destination.db.jdbc.url" value=""/> - <set key="xasecure.audit.provider.summary.enabled" value="TRUE"/> + <set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}"/> + <set key="xasecure.audit.provider.summary.enabled" value="false"/> </task> <task xsi:type="configure" summary="Removing Deprecated Ranger Hive Plugin Configurations"> @@ -797,6 +813,10 @@ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FILE"/> <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS"/> <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS"/> + <transfer operation="delete" delete-key="SQL_CONNECTOR_JAR" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" /> </task> </pre-upgrade> @@ -951,19 +971,20 @@ <task xsi:type="configure" summary="Configuring Ranger Knox Audit"> <type>ranger-knox-audit</type> - <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="FALSE"/> - <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit"/> - <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="TRUE"/> + <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="true"/> + <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit"/> + <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true"/> <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/knox/audit/hdfs/spool"/> <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value=""/> <transfer operation="copy" from-type="ranger-knox-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.passwordr" default-value="" mask="true"/> - <set key="xasecure.audit.destination.solr" value="TRUE"/> + <set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/> + <set key="xasecure.audit.destination.solr" value="false"/> <set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}"/> - <set key="xasecure.audit.destination.solr.zookeepers" value=""/> + <set key="xasecure.audit.destination.solr.zookeepers" value="none"/> <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/knox/audit/solr/spool"/> <set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}"/> - <set key="xasecure.audit.destination.db.jdbc.url" value=""/> - <set key="xasecure.audit.provider.summary.enabled" value="TRUE"/> + <set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}"/> + <set key="xasecure.audit.provider.summary.enabled" value="false"/> </task> <task xsi:type="configure" summary="Removing Deprecated Ranger Knox Plugin Configurations"> @@ -987,6 +1008,12 @@ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FILE"/> <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS"/> <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS"/> + <transfer operation="delete" delete-key="SQL_CONNECTOR_JAR" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" /> + <transfer operation="delete" delete-key="REPOSITORY_NAME" /> + <transfer operation="delete" delete-key="POLICY_MGR_URL" /> </task> </pre-upgrade> <upgrade> @@ -1034,21 +1061,20 @@ <task xsi:type="configure" summary="Configuring Ranger Storm Audit"> <type>ranger-storm-audit</type> - <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="FALSE" /> - <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://{{namenode_hostname}}:8020/ranger/audit" /> - <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="TRUE" /> + <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.DB.IS_ENABLED" to-key="xasecure.audit.destination.db" default-value="true" /> + <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.DESTINATION_DIRECTORY" to-key="xasecure.audit.destination.hdfs.dir" default-value="hdfs://NAMENODE_HOSTNAME:8020/ranger/audit" /> + <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.IS_ENABLED" to-key="xasecure.audit.destination.hdfs" default-value="true" /> <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY" to-key="xasecure.audit.destination.hdfs.batch.filespool.dir" default-value="/var/log/storm/audit/hdfs/spool" /> <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.DB.USER_NAME" to-key="xasecure.audit.destination.db.user" default-value=""/> <transfer operation="copy" from-type="ranger-storm-plugin-properties" from-key="XAAUDIT.DB.PASSWORD" to-key="xasecure.audit.destination.db.passwordr" default-value="" mask="true"/> <set key="xasecure.audit.credential.provider.file" value="jceks://file{{credential_file}}"/> - <set key="xasecure.audit.destination.solr" value="TRUE"/> + <set key="xasecure.audit.destination.solr" value="false"/> <set key="xasecure.audit.destination.solr.urls" value="{{ranger_audit_solr_urls}}"/> - <set key="xasecure.audit.destination.solr.zookeepers" value=""/> + <set key="xasecure.audit.destination.solr.zookeepers" value="none"/> <set key="xasecure.audit.destination.solr.batch.filespool.dir" value="/var/log/storm/audit/solr/spool"/> <set key="xasecure.audit.destination.db.jdbc.driver" value="{{jdbc_driver}}"/> - <set key="xasecure.audit.destination.db.jdbc.url" value=""/> - <set key="xasecure.audit.destination.db.user" value=""/> - <set key="xasecure.audit.provider.summary.enabled" value="TRUE"/> + <set key="xasecure.audit.destination.db.jdbc.url" value="{{audit_jdbc_url}}"/> + <set key="xasecure.audit.provider.summary.enabled" value="false"/> </task> <task xsi:type="configure" summary="Removing Deprecated Ranger Storm Plugin Configurations"> @@ -1072,6 +1098,12 @@ <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FILE"/> <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS"/> <transfer operation="delete" delete-key="XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS"/> + <transfer operation="delete" delete-key="SQL_CONNECTOR_JAR" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.FLAVOUR" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.DATABASE_NAME" /> + <transfer operation="delete" delete-key="XAAUDIT.DB.HOSTNAME" /> + <transfer operation="delete" delete-key="REPOSITORY_NAME" /> + <transfer operation="delete" delete-key="POLICY_MGR_URL" /> </task> </pre-upgrade> <upgrade> http://git-wip-us.apache.org/repos/asf/ambari/blob/58516530/ambari-web/app/data/HDP2.3/site_properties.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/data/HDP2.3/site_properties.js b/ambari-web/app/data/HDP2.3/site_properties.js index ff7ce36..76d4b8f 100644 --- a/ambari-web/app/data/HDP2.3/site_properties.js +++ b/ambari-web/app/data/HDP2.3/site_properties.js @@ -260,7 +260,7 @@ hdp23properties.push({ }, { "id": "site property", - "name": "xasecure.audit.db.is.enabled", + "name": "xasecure.audit.destination.db", "displayName": "Audit to DB", "displayType": "checkbox", "filename": "ranger-hbase-audit.xml",
