Repository: ambari Updated Branches: refs/heads/branch-2.1 ffb015f76 -> a9305acb7
AMBARI-13040. Improve help text description for Ranger properties in Ambari. (Gautam board via jaimin) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a9305acb Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a9305acb Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a9305acb Branch: refs/heads/branch-2.1 Commit: a9305acb719224186903adb005bc6080940e5fc9 Parents: ffb015f Author: Jaimin Jetly <[email protected]> Authored: Sun Sep 13 22:53:50 2015 -0700 Committer: Jaimin Jetly <[email protected]> Committed: Sun Sep 13 22:53:50 2015 -0700 ---------------------------------------------------------------------- .../ranger-knox-plugin-properties.xml | 4 +- .../configuration/ranger-kms-audit.xml | 32 +++--- .../ranger-hbase-plugin-properties.xml | 2 +- .../ranger-hdfs-plugin-properties.xml | 5 +- .../ranger-hive-plugin-properties.xml | 2 +- .../ranger-storm-plugin-properties.xml | 2 +- .../HBASE/configuration/ranger-hbase-audit.xml | 32 +++--- .../ranger-hbase-policymgr-ssl.xml | 6 +- .../HDFS/configuration/ranger-hdfs-audit.xml | 32 +++--- .../configuration/ranger-hdfs-policymgr-ssl.xml | 6 +- .../HIVE/configuration/ranger-hive-audit.xml | 32 +++--- .../configuration/ranger-hive-policymgr-ssl.xml | 6 +- .../HIVE/configuration/ranger-hive-security.xml | 2 +- .../KAFKA/configuration/ranger-kafka-audit.xml | 32 +++--- .../ranger-kafka-plugin-properties.xml | 2 +- .../ranger-kafka-policymgr-ssl.xml | 6 +- .../KNOX/configuration/ranger-knox-audit.xml | 32 +++--- .../configuration/ranger-knox-policymgr-ssl.xml | 6 +- .../RANGER/configuration/ranger-admin-site.xml | 78 +++++++-------- .../RANGER/configuration/ranger-ugsync-site.xml | 100 +++++++++++-------- .../STORM/configuration/ranger-storm-audit.xml | 32 +++--- .../ranger-storm-policymgr-ssl.xml | 6 +- .../YARN/configuration/ranger-yarn-audit.xml | 32 +++--- .../ranger-yarn-plugin-properties.xml | 2 +- .../configuration/ranger-yarn-policymgr-ssl.xml | 6 +- 25 files changed, 258 insertions(+), 239 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml index 8bf1dd3..d2be68e 100644 --- a/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml +++ b/ambari-server/src/main/resources/common-services/KNOX/0.5.0.2.2/configuration/ranger-knox-plugin-properties.xml @@ -29,7 +29,7 @@ <property> <name>common.name.for.certificate</name> <value></value> - <description>Used for repository creation on ranger admin</description> + <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description> </property> <property> @@ -54,7 +54,7 @@ <property> <name>KNOX_HOME</name> <value>/usr/hdp/current/knox-server</value> - <description></description> + <description>Knox home folder</description> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml index e5bd75e..4355548 100644 --- a/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml +++ b/ambari-server/src/main/resources/common-services/RANGER_KMS/0.5.0.2.3/configuration/ranger-kms-audit.xml @@ -23,97 +23,97 @@ <property> <name>xasecure.audit.is.enabled</name> <value>true</value> - <description></description> + <description>Is Audit enabled?</description> </property> <property> <name>xasecure.audit.destination.db</name> <value>false</value> - <description></description> + <description>Is Audit to DB enabled?</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> - <description></description> + <description>Audit DB JDBC URL</description> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> - <description></description> + <description>Audit DB JDBC User</description> </property> <property> <name>xasecure.audit.destination.db.password</name> <value>crypted</value> - <description></description> + <description>Audit DB JDBC Password</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> - <description></description> + <description>Audit DB JDBC Driver</description> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> - <description></description> + <description>Credential file store</description> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/ranger/kms/audit/db/spool</value> - <description></description> + <description>/var/log/ranger/kms/audit/db/spool</description> </property> <property> <name>xasecure.audit.destination.hdfs</name> <value>true</value> - <description></description> + <description>Is Audit to HDFS enabled?</description> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description></description> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/ranger/kms/audit/hdfs/spool</value> - <description></description> + <description>/var/log/ranger/kms/audit/hdfs/spool</description> </property> <property> <name>xasecure.audit.destination.solr</name> <value>true</value> - <description></description> + <description>Is Solr audit enabled?</description> </property> <property> <name>xasecure.audit.destination.solr.urls</name> <value>{{ranger_audit_solr_urls}}</value> - <description></description> + <description>Solr URL</description> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> <value>none</value> - <description></description> + <description>Solr Zookeeper string</description> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/ranger/kms/audit/solr/spool</value> - <description></description> + <description>/var/log/ranger/kms/audit/solr/spool</description> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> <value>false</value> - <description></description> + <description>Enable Summary audit?</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml index 30af22c..7b30951 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HBASE/configuration/ranger-hbase-plugin-properties.xml @@ -23,7 +23,7 @@ <property> <name>common.name.for.certificate</name> <value></value> - <description>Used for repository creation on ranger admin</description> + <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml index 32f7c54..f4f8fe7 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HDFS/configuration/ranger-hdfs-plugin-properties.xml @@ -29,14 +29,13 @@ <property> <name>common.name.for.certificate</name> <value></value> - <description>Used for repository creation on ranger admin - </description> + <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description> </property> <property> <name>ranger-hdfs-plugin-enabled</name> <value>No</value> - <description>Enable ranger hdfs plugin ?</description> + <description>Enable ranger hdfs plugin?</description> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml index 1b121bc..6c00a7f 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/HIVE/configuration/ranger-hive-plugin-properties.xml @@ -35,7 +35,7 @@ <property> <name>common.name.for.certificate</name> <value></value> - <description>Used for repository creation on ranger admin</description> + <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml index e0c47db..390dc6f 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.2/services/STORM/configuration/ranger-storm-plugin-properties.xml @@ -29,7 +29,7 @@ <property> <name>common.name.for.certificate</name> <value></value> - <description>Used for repository creation on ranger admin</description> + <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml index 070b637..e06456e 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-audit.xml @@ -23,98 +23,98 @@ <property> <name>xasecure.audit.is.enabled</name> <value>true</value> - <description></description> + <description>Is Audit enabled?</description> </property> <property> <name>xasecure.audit.destination.db</name> <value>false</value> - <description></description> + <description>Is Audit to DB enabled?</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> - <description></description> + <description>Audit DB JDBC URL</description> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> - <description></description> + <description>Audit DB JDBC User</description> </property> <property> <name>xasecure.audit.destination.db.password</name> <value>crypted</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Audit DB JDBC Password</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> - <description></description> + <description>Audit DB JDBC Driver</description> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> - <description></description> + <description>Credential file store</description> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/hbase/audit/db/spool</value> - <description></description> + <description>/var/log/hbase/audit/db/spool</description> </property> <property> <name>xasecure.audit.destination.hdfs</name> <value>true</value> - <description></description> + <description>Is Audit to HDFS enabled?</description> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description></description> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/hbase/audit/hdfs/spool</value> - <description></description> + <description>/var/log/hbase/audit/hdfs/spool</description> </property> <property> <name>xasecure.audit.destination.solr</name> <value>false</value> - <description></description> + <description>Is Solr audit enabled?</description> </property> <property> <name>xasecure.audit.destination.solr.urls</name> <value>{{ranger_audit_solr_urls}}</value> - <description></description> + <description>Solr URL</description> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> <value>none</value> - <description></description> + <description>Solr Zookeeper string</description> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/hbase/audit/solr/spool</value> - <description></description> + <description>/var/log/hbase/audit/solr/spool</description> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> <value>true</value> - <description></description> + <description>Enable Summary audit?</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml index 20b5e7d..654b7c7 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HBASE/configuration/ranger-hbase-policymgr-ssl.xml @@ -43,19 +43,19 @@ <name>xasecure.policymgr.clientssl.truststore.password</name> <value>changeit</value> <property-type>PASSWORD</property-type> - <description>java truststore password</description> + <description>java truststore password</description> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java keystore credential file</description> + <description>java keystore credential file</description> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java truststore credential file</description> + <description>java truststore credential file</description> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml index 57329e3..5a0813b 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-audit.xml @@ -23,98 +23,98 @@ <property> <name>xasecure.audit.is.enabled</name> <value>true</value> - <description></description> + <description>Is Audit enabled?</description> </property> <property> <name>xasecure.audit.destination.db</name> <value>false</value> - <description></description> + <description>Is Audit to DB enabled?</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> - <description></description> + <description>Audit DB JDBC URL</description> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> - <description></description> + <description>Audit DB JDBC User</description> </property> <property> <name>xasecure.audit.destination.db.password</name> <value>crypted</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Audit DB JDBC Password</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> - <description></description> + <description>Audit DB JDBC Driver</description> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> - <description></description> + <description>Credential file store</description> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/hadoop/hdfs/audit/db/spool</value> - <description></description> + <description>/var/log/hadoop/hdfs/audit/db/spool</description> </property> <property> <name>xasecure.audit.destination.hdfs</name> <value>true</value> - <description></description> + <description>Is Audit to HDFS enabled?</description> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description></description> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/hadoop/hdfs/audit/hdfs/spool</value> - <description></description> + <description>/var/log/hadoop/hdfs/audit/hdfs/spool</description> </property> <property> <name>xasecure.audit.destination.solr</name> <value>false</value> - <description></description> + <description>Is Solr audit enabled?</description> </property> <property> <name>xasecure.audit.destination.solr.urls</name> <value>{{ranger_audit_solr_urls}}</value> - <description></description> + <description>Solr URL</description> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> <value>none</value> - <description></description> + <description>Solr Zookeeper string</description> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/hadoop/hdfs/audit/solr/spool</value> - <description></description> + <description>/var/log/hadoop/hdfs/audit/solr/spool</description> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> <value>false</value> - <description></description> + <description>Enable Summary audit?</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml index 8f48fcf..b51fefb 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HDFS/configuration/ranger-hdfs-policymgr-ssl.xml @@ -43,19 +43,19 @@ <name>xasecure.policymgr.clientssl.truststore.password</name> <value>changeit</value> <property-type>PASSWORD</property-type> - <description>java truststore password</description> + <description>java truststore password</description> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java keystore credential file</description> + <description>java keystore credential file</description> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java truststore credential file</description> + <description>java truststore credential file</description> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml index d5f07a9..2b27f72 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-audit.xml @@ -23,98 +23,98 @@ <property> <name>xasecure.audit.is.enabled</name> <value>true</value> - <description></description> + <description>Is Audit enabled?</description> </property> <property> <name>xasecure.audit.destination.db</name> <value>false</value> - <description></description> + <description>Is Audit to DB enabled?</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> - <description></description> + <description>Audit DB JDBC URL</description> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> - <description></description> + <description>Audit DB JDBC User</description> </property> <property> <name>xasecure.audit.destination.db.password</name> <value>crypted</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Audit DB JDBC Password</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> - <description></description> + <description>Audit DB JDBC Driver</description> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> - <description></description> + <description>Credential file store</description> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/hive/audit/db/spool</value> - <description></description> + <description>/var/log/hive/audit/db/spool</description> </property> <property> <name>xasecure.audit.destination.hdfs</name> <value>true</value> - <description></description> + <description>Is Audit to HDFS enabled?</description> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description></description> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/hive/audit/hdfs/spool</value> - <description></description> + <description>/var/log/hive/audit/hdfs/spool</description> </property> <property> <name>xasecure.audit.destination.solr</name> <value>false</value> - <description></description> + <description>Is Solr audit enabled?</description> </property> <property> <name>xasecure.audit.destination.solr.urls</name> <value>{{ranger_audit_solr_urls}}</value> - <description></description> + <description>Solr URL</description> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> <value>none</value> - <description></description> + <description>Solr Zookeeper string</description> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/hive/audit/solr/spool</value> - <description></description> + <description>/var/log/hive/audit/solr/spool</description> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> <value>false</value> - <description></description> + <description>Enable Summary audit?</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml index d4a6d45..b8ae6ca 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-policymgr-ssl.xml @@ -43,19 +43,19 @@ <name>xasecure.policymgr.clientssl.truststore.password</name> <value>changeit</value> <property-type>PASSWORD</property-type> - <description>java truststore password</description> + <description>java truststore password</description> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java keystore credential file</description> + <description>java keystore credential file</description> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java truststore credential file</description> + <description>java truststore credential file</description> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml index 5407ccf..d5a80c8 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/HIVE/configuration/ranger-hive-security.xml @@ -23,7 +23,7 @@ <property> <name>ranger.plugin.hive.service.name</name> <value>{{repo_name}}</value> - <description>Name of the Ranger service containing policies for this YARN instance</description> + <description>Name of the Ranger service containing policies for this Hive instance</description> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml index 1433d0a..b7ae3de 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-audit.xml @@ -23,98 +23,98 @@ <property> <name>xasecure.audit.is.enabled</name> <value>true</value> - <description></description> + <description>Is Audit enabled?</description> </property> <property> <name>xasecure.audit.destination.db</name> <value>false</value> - <description></description> + <description>Is Audit to DB enabled?</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> - <description></description> + <description>Audit DB JDBC URL</description> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> - <description></description> + <description>Audit DB JDBC User</description> </property> <property> <name>xasecure.audit.destination.db.password</name> <value>crypted</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Audit DB JDBC Password</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> - <description></description> + <description>Audit DB JDBC Driver</description> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> - <description></description> + <description>Credential file store</description> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/kafka/audit/db/spool</value> - <description></description> + <description>/var/log/kafka/audit/db/spool</description> </property> <property> <name>xasecure.audit.destination.hdfs</name> <value>true</value> - <description></description> + <description>Is Audit to HDFS enabled?</description> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description></description> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/kafka/audit/hdfs/spool</value> - <description></description> + <description>/var/log/kafka/audit/hdfs/spool</description> </property> <property> <name>xasecure.audit.destination.solr</name> <value>true</value> - <description></description> + <description>Is Solr audit enabled?</description> </property> <property> <name>xasecure.audit.destination.solr.urls</name> <value>{{ranger_audit_solr_urls}}</value> - <description></description> + <description>Solr URL</description> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> <value>none</value> - <description></description> + <description>Solr Zookeeper string</description> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/kafka/audit/solr/spool</value> - <description></description> + <description>/var/log/kafka/audit/solr/spool</description> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> <value>true</value> - <description></description> + <description>Enable Summary audit?</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml index 893652d..254fefc 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-plugin-properties.xml @@ -35,7 +35,7 @@ <property> <name>common.name.for.certificate</name> <value></value> - <description>Used for repository creation on ranger admin</description> + <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml index 447320f..993de48 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KAFKA/configuration/ranger-kafka-policymgr-ssl.xml @@ -43,19 +43,19 @@ <name>xasecure.policymgr.clientssl.truststore.password</name> <value>changeit</value> <property-type>PASSWORD</property-type> - <description>java truststore password</description> + <description>java truststore password</description> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file/{{credential_file}}</value> - <description>java keystore credential file</description> + <description>java keystore credential file</description> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file/{{credential_file}}</value> - <description>java truststore credential file</description> + <description>java truststore credential file</description> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml index ba8710a..fcf3867 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-audit.xml @@ -23,98 +23,98 @@ <property> <name>xasecure.audit.is.enabled</name> <value>true</value> - <description></description> + <description>Is Audit enabled?</description> </property> <property> <name>xasecure.audit.destination.db</name> <value>false</value> - <description></description> + <description>Is Audit to DB enabled?</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> - <description></description> + <description>Audit DB JDBC URL</description> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> - <description></description> + <description>Audit DB JDBC User</description> </property> <property> <name>xasecure.audit.destination.db.password</name> <value>crypted</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Audit DB JDBC Password</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> - <description></description> + <description>Audit DB JDBC Driver</description> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> - <description></description> + <description>Credential file store</description> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/knox/audit/db/spool</value> - <description></description> + <description>/var/log/knox/audit/db/spool</description> </property> <property> <name>xasecure.audit.destination.hdfs</name> <value>true</value> - <description></description> + <description>Is Audit to HDFS enabled?</description> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description></description> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/knox/audit/hdfs/spool</value> - <description></description> + <description>/var/log/knox/audit/hdfs/spool</description> </property> <property> <name>xasecure.audit.destination.solr</name> <value>false</value> - <description></description> + <description>Is Solr audit enabled?</description> </property> <property> <name>xasecure.audit.destination.solr.urls</name> <value>{{ranger_audit_solr_urls}}</value> - <description></description> + <description>Solr URL</description> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> <value>none</value> - <description></description> + <description>Solr Zookeeper string</description> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/knox/audit/solr/spool</value> - <description></description> + <description>/var/log/knox/audit/solr/spool</description> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> <value>false</value> - <description></description> + <description>Enable Summary audit?</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml index a39ff0b..b9c5da6 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/KNOX/configuration/ranger-knox-policymgr-ssl.xml @@ -43,19 +43,19 @@ <name>xasecure.policymgr.clientssl.truststore.password</name> <value>changeit</value> <property-type>PASSWORD</property-type> - <description>java truststore password</description> + <description>java truststore password</description> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java keystore credential file</description> + <description>java keystore credential file</description> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java truststore credential file</description> + <description>java truststore credential file</description> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml index 57d21dd..18e4cf6 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-admin-site.xml @@ -21,141 +21,141 @@ <property> <name>ranger.service.host</name> <value>{{ranger_host}}</value> - <description></description> + <description>Host where ranger service to be installed</description> </property> <property> <name>ranger.service.http.enabled</name> <value>true</value> - <description></description> + <description>Enable HTTP</description> </property> <property> <name>ranger.service.http.port</name> <value>6080</value> - <description></description> + <description>HTTP port</description> </property> <property> <name>ranger.service.https.port</name> <value>6182</value> - <description></description> + <description>HTTPS port (if SSL is enabled)</description> </property> <property> <name>ranger.service.https.attrib.ssl.enabled</name> <value>false</value> - <description></description> + <description>true/false, set to true if using SSL</description> </property> <property> <name>ranger.service.https.attrib.clientAuth</name> <value>want</value> - <description></description> + <description>Needs to be set to want for two way SSL</description> </property> <property> <name>ranger.service.https.attrib.keystore.keyalias</name> <value>rangeradmin</value> - <description></description> + <description>Alias for Ranger Admin key in keystore</description> </property> <property> <name>ranger.service.https.attrib.keystore.pass</name> <value>xasecure</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Password for keystore</description> </property> <property> <name>ranger.https.attrib.keystore.file</name> <value>/etc/ranger/admin/conf/ranger-admin-keystore.jks</value> - <description></description> + <description>Ranger admin keystore (specify full path)</description> </property> <property> <name>ranger.externalurl</name> <value>{{ranger_external_url}}</value> - <description></description> + <description>URL to be used by clients to access ranger admin</description> </property> <property> <name>ranger.jpa.jdbc.driver</name> <value>com.mysql.jdbc.Driver</value> - <description></description> + <description>JDBC driver class name</description> </property> <property> <name>ranger.jpa.jdbc.url</name> <value>jdbc:mysql://localhost</value> - <description></description> + <description>JDBC connect string - auto populated based on other values</description> </property> <property> <name>ranger.jpa.jdbc.user</name> <value>{{ranger_db_user}}</value> - <description></description> + <description>JDBC user</description> </property> <property> <name>ranger.jpa.jdbc.password</name> <value>_</value> <property-type>PASSWORD</property-type> - <description></description> + <description>JDBC password</description> </property> <property> <name>ranger.jpa.jdbc.credential.alias</name> <value>rangeradmin</value> - <description></description> + <description>Alias name for storing JDBC password</description> </property> <property> <name>ranger.credential.provider.path</name> <value>/etc/ranger/admin/rangeradmin.jceks</value> - <description></description> + <description>File for credential store, provide full file path</description> </property> <property> <name>ranger.audit.source.type</name> <value>solr</value> - <description></description> + <description>db or solr, based on the audit destination used</description> </property> <property> <name>ranger.audit.solr.urls</name> <value>http://solr_host:6083/solr/ranger_audits</value> - <description></description> + <description>Solr url for audit</description> </property> <property> <name>ranger.authentication.method</name> <value>UNIX</value> - <description></description> + <description>Ranger admin Authentication - UNIX/LDAP/AD/NONE</description> </property> <property> <name>ranger.ldap.url</name> <value>ldap://71.127.43.33:389</value> - <description></description> + <description>LDAP Server URL, only used if Authentication method is LDAP</description> </property> <property> <name>ranger.ldap.user.dnpattern</name> <value>uid={0},ou=users,dc=xasecure,dc=net</value> - <description></description> + <description>LDAP user DN, only used if Authentication method is LDAP</description> </property> <property> <name>ranger.ldap.group.searchbase</name> <value>ou=groups,dc=xasecure,dc=net</value> - <description></description> + <description>LDAP group searchbase, only used if Authentication method is LDAP</description> </property> <property> <name>ranger.ldap.group.searchfilter</name> <value>(member=uid={0},ou=users,dc=xasecure,dc=net)</value> - <description></description> + <description>LDAP group search filter, only used if Authentication method is LDAP</description> </property> <property> @@ -167,7 +167,7 @@ <property> <name>ranger.ldap.group.roleattribute</name> <value>cn</value> - <description></description> + <description>LDAP group role attribute, only used if Authentication method is LDAP</description> </property> <property> @@ -198,13 +198,13 @@ <property> <name>ranger.ldap.ad.domain</name> <value>localhost</value> - <description></description> + <description>AD domain, only used if Authentication method is AD</description> </property> <property> <name>ranger.ldap.ad.url</name> <value>ldap://ad.xasecure.net:389</value> - <description></description> + <description>AD URL, only used if Authentication method is AD</description> </property> <property> @@ -241,81 +241,81 @@ <property> <name>ranger.jpa.audit.jdbc.driver</name> <value>{{ranger_jdbc_driver}}</value> - <description></description> + <description>JDBC driver class name - for audit DB</description> </property> <property> <name>ranger.jpa.audit.jdbc.url</name> <value>{{audit_jdbc_url}}</value> - <description></description> + <description>JDBC connect string - auto populated based on other values</description> </property> <property> <name>ranger.jpa.audit.jdbc.user</name> <value>{{ranger_audit_db_user}}</value> - <description></description> + <description>JDBC user - audit</description> </property> <property> <name>ranger.jpa.audit.jdbc.password</name> <value>_</value> <property-type>PASSWORD</property-type> - <description></description> + <description>JDBC password - audit</description> </property> <property> <name>ranger.jpa.audit.jdbc.credential.alias</name> <value>rangeraudit</value> - <description></description> + <description>Alias name for storing JDBC password - for audit user</description> </property> <property> <name>ranger.unixauth.remote.login.enabled</name> <value>true</value> - <description></description> + <description>Remote login enabled? - only used if Authentication method is UNIX</description> </property> <property> <name>ranger.unixauth.service.hostname</name> <value>localhost</value> - <description></description> + <description>Host where unix authentication service is running - only used if Authentication method is UNIX</description> </property> <property> <name>ranger.unixauth.service.port</name> <value>5151</value> - <description></description> + <description>Port for unix authentication service - only used if Authentication method is UNIX</description> </property> <property> <name>ranger.jpa.jdbc.dialect</name> <value>{{jdbc_dialect}}</value> - <description></description> + <description>JDBC dialect used for policy DB</description> </property> <property> <name>ranger.jpa.audit.jdbc.dialect</name> <value>{{jdbc_dialect}}</value> - <description></description> + <description>JDBC dialect used for audit DB</description> </property> <property> <name>ranger.audit.solr.zookeepers</name> <value>NONE</value> - <description></description> + <description>Solr Zookeeper string</description> </property> <property> <name>ranger.audit.solr.username</name> <value>ranger_solr</value> - <description></description> + <description>Solr username</description> </property> <property> <name>ranger.audit.solr.password</name> <value>NONE</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Solr password</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml index d7dce19..3d31ccb 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/RANGER/configuration/ranger-ugsync-site.xml @@ -21,87 +21,87 @@ <property> <name>ranger.usersync.port</name> <value>5151</value> - <description></description> + <description>Port for unix authentication service, run within usersync</description> </property> <property> <name>ranger.usersync.ssl</name> <value>true</value> - <description></description> + <description>SSL enabled? (ranger admin -> usersync communication)</description> </property> <property> <name>ranger.usersync.keystore.file</name> <value>/usr/hdp/current/ranger-usersync/conf/unixauthservice.jks</value> - <description></description> + <description>Keystore file used for usersync</description> </property> <property> <name>ranger.usersync.keystore.password</name> <value>UnIx529p</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Keystore password</description> </property> <property> <name>ranger.usersync.truststore.file</name> <value>/usr/hdp/current/ranger-usersync/conf/mytruststore.jks</value> - <description></description> + <description>Truststore used for usersync, required if usersync -> ranger admin communication is SSL enabled</description> </property> <property> <name>ranger.usersync.truststore.password</name> <value>changeit</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Truststore password</description> </property> <property> <name>ranger.usersync.passwordvalidator.path</name> <value>./native/credValidator.uexe</value> - <description></description> + <description>Native program for password validation</description> </property> <property> <name>ranger.usersync.enabled</name> <value>true</value> - <description></description> + <description>Usersync enabled?</description> </property> <property> <name>ranger.usersync.sink.impl.class</name> <value>org.apache.ranger.unixusersync.process.PolicyMgrUserGroupBuilder</value> - <description></description> + <description>Class to be used as sink (to sync users into ranger admin)</description> </property> <property> <name>ranger.usersync.policymanager.baseURL</name> <value>{{ranger_external_url}}</value> - <description></description> + <description>URL to be used by clients to access ranger admin, use FQDN</description> </property> <property> <name>ranger.usersync.policymanager.maxrecordsperapicall</name> <value>1000</value> - <description></description> + <description>How many records to be returned per API call</description> </property> <property> <name>ranger.usersync.policymanager.mockrun</name> <value>false</value> - <description></description> + <description>Is user sync doing mock run?</description> </property> <property> <name>ranger.usersync.unix.minUserId</name> <value>500</value> - <description></description> + <description>Only sync users above this user id (applicable for UNIX)</description> </property> <property> <name>ranger.usersync.sleeptimeinmillisbetweensynccycle</name> <value>5</value> - <description></description> + <description>Sleeptime interval in milliseconds, if < 1000 then default to 30 sec</description> </property> <property> @@ -119,74 +119,82 @@ <property> <name>ranger.usersync.filesource.text.delimiter</name> <value>,</value> - <description></description> + <description>Delimiter used in file, if File based user sync is used</description> </property> <property> <name>ranger.usersync.ldap.url</name> <value>ldap://localhost:389</value> - <description></description> + <description>LDAP server URL</description> </property> <property> <name>ranger.usersync.ldap.binddn</name> <value>cn=admin,dc=xasecure,dc=net</value> - <description></description> + <description>Full distinguished name (DN), including common name (CN), of an LDAP user account that has privileges to search for users. </description> </property> <property> <name>ranger.usersync.ldap.ldapbindpassword</name> <value></value> <property-type>PASSWORD</property-type> - <description></description> + <description>Password for the account that can search for users.</description> </property> <property> <name>ranger.usersync.ldap.bindalias</name> <value>testldapalias</value> - <description></description> + <description>Set as ranger.usersync.ldap.bindalias (string as is)</description> </property> <property> <name>ranger.usersync.ldap.bindkeystore</name> <value></value> - <description></description> + <description>Set same value as ranger.usersync.keystore.file property i.e default value /usr/hdp/current/ranger-usersync/conf/ugsync.jceks</description> </property> <property> <name>ranger.usersync.ldap.searchBase</name> <value>dc=hadoop,dc=apache,dc=org</value> - <description></description> + <description>"# search base for users and groups +# sample value would be dc=hadoop,dc=apache,dc=org"</description> </property> <property> <name>ranger.usersync.ldap.user.searchbase</name> <value>ou=users,dc=xasecure,dc=net</value> - <description></description> + <description>"# search base for users +# sample value would be ou=users,dc=hadoop,dc=apache,dc=org +# overrides value specified in ranger.usersync.ldap.searchBase"</description> </property> <property> <name>ranger.usersync.ldap.user.searchscope</name> <value>sub</value> - <description></description> + <description>"# search scope for the users, only base, one and sub are supported values +# please customize the value to suit your deployment +# default value: sub"</description> </property> <property> <name>ranger.usersync.ldap.user.objectclass</name> <value>person</value> - <description></description> + <description>LDAP User Object Class</description> </property> <property> <name>ranger.usersync.ldap.user.searchfilter</name> <value>empty</value> - <description></description> + <description>"optional additional filter constraining the users selected for syncing +# a sample value would be (dept=eng) +# please customize the value to suit your deployment +# default value is empty"</description> </property> <property> <name>ranger.usersync.ldap.user.nameattribute</name> <value>cn</value> - <description></description> + <description>LDAP user name attribute</description> </property> <property> @@ -198,49 +206,58 @@ <property> <name>ranger.usersync.ldap.user.groupnameattribute</name> <value>memberof, ismemberof</value> - <description></description> + <description>LDAP user group name attribute</description> </property> <property> <name>ranger.usersync.ldap.username.caseconversion</name> <value>lower</value> - <description></description> + <description>User name case conversion</description> </property> <property> <name>ranger.usersync.ldap.groupname.caseconversion</name> <value>lower</value> - <description></description> + <description>Group name case conversion</description> </property> <property> <name>ranger.usersync.logdir</name> <value>/var/log/ranger/usersync</value> - <description></description> + <description>User sync log directory</description> </property> <property> <name>ranger.usersync.group.searchenabled</name> <value>false</value> - <description></description> + <description>"# do we want to do ldapsearch to find groups instead of relying on user entry attributes +# valid values: true, false +# any value other than true would be treated as false +# default value: false"</description> </property> <property> <name>ranger.usersync.group.usermapsyncenabled</name> <value>false</value> - <description></description> + <description>User map sync enabled?</description> </property> <property> <name>ranger.usersync.group.searchbase</name> <value> </value> - <description></description> + <description>"# search base for groups +# sample value would be ou=groups,dc=hadoop,dc=apache,dc=org +# overrides value specified in ranger.usersync.ldap.searchBase, ranger.usersync.ldap.user.searchbase +# if a value is not specified, takes the value of ranger.usersync.ldap.searchBase +# if ranger.usersync.ldap.searchBase is also not specified, takes the value of ranger.usersync.ldap.user.searchbase"</description> </property> <property> <name>ranger.usersync.group.searchscope</name> <value> </value> - <description></description> + <description>"# search scope for the groups, only base, one and sub are supported values +# please customize the value to suit your deployment +# default value: sub"</description> </property> <property> @@ -252,37 +269,40 @@ <property> <name>ranger.usersync.group.searchfilter</name> <value> </value> - <description></description> + <description>"# optional additional filter constraining the groups selected for syncing +# a sample value would be (dept=eng) +# please customize the value to suit your deployment +# default value is empty"</description> </property> <property> <name>ranger.usersync.group.nameattribute</name> <value> </value> - <description></description> + <description>LDAP group name attribute</description> </property> <property> <name>ranger.usersync.group.memberattributename</name> <value> </value> - <description></description> + <description>LDAP group member attribute name</description> </property> <property> <name>ranger.usersync.pagedresultsenabled</name> <value>true</value> - <description></description> + <description>Results can be paged?</description> </property> <property> <name>ranger.usersync.pagedresultssize</name> <value>500</value> - <description></description> + <description>Page size</description> </property> <property> <name>ranger.usersync.credstore.filename</name> <value>/usr/hdp/current/ranger-usersync/conf/ugsync.jceks</value> - <description></description> + <description>Credential store file name for user sync, specify full path</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml index 3687e88..b6dd4dc 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-audit.xml @@ -23,98 +23,98 @@ <property> <name>xasecure.audit.is.enabled</name> <value>true</value> - <description></description> + <description>Is Audit enabled?</description> </property> <property> <name>xasecure.audit.destination.db</name> <value>false</value> - <description></description> + <description>Is Audit to DB enabled?</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> - <description></description> + <description>Audit DB JDBC URL</description> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> - <description></description> + <description>Audit DB JDBC User</description> </property> <property> <name>xasecure.audit.destination.db.password</name> <value>crypted</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Audit DB JDBC Passwords</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> - <description></description> + <description>Audit DB JDBC Driver</description> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> - <description></description> + <description>Credential file store</description> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/storm/audit/db/spool</value> - <description></description> + <description>/var/log/storm/audit/db/spool</description> </property> <property> <name>xasecure.audit.destination.hdfs</name> <value>true</value> - <description></description> + <description>Is Audit to HDFS enabled?</description> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description></description> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/storm/audit/hdfs/spool</value> - <description></description> + <description>/var/log/storm/audit/hdfs/spool</description> </property> <property> <name>xasecure.audit.destination.solr</name> <value>false</value> - <description></description> + <description>Is Solr audit enabled?</description> </property> <property> <name>xasecure.audit.destination.solr.urls</name> <value>{{ranger_audit_solr_urls}}</value> - <description></description> + <description>Solr URL</description> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> <value>none</value> - <description></description> + <description>Solr Zookeeper string</description> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/storm/audit/solr/spool</value> - <description></description> + <description>/var/log/storm/audit/solr/spool</description> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> <value>false</value> - <description></description> + <description>Enable Summary audit?</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml index 4fc6452..6aac72d 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/STORM/configuration/ranger-storm-policymgr-ssl.xml @@ -43,19 +43,19 @@ <name>xasecure.policymgr.clientssl.truststore.password</name> <value>changeit</value> <property-type>PASSWORD</property-type> - <description>java truststore password</description> + <description>java truststore password</description> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java keystore credential file</description> + <description>java keystore credential file</description> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java truststore credential file</description> + <description>java truststore credential file</description> </property> </configuration> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml index 044f8ec..bb2bed6 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-audit.xml @@ -23,98 +23,98 @@ <property> <name>xasecure.audit.is.enabled</name> <value>true</value> - <description></description> + <description>Is Audit enabled?</description> </property> <property> <name>xasecure.audit.destination.db</name> <value>false</value> - <description></description> + <description>Is Audit to DB enabled?</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>{{audit_jdbc_url}}</value> - <description></description> + <description>Audit DB JDBC URL</description> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>{{xa_audit_db_user}}</value> - <description></description> + <description>Audit DB JDBC User</description> </property> <property> <name>xasecure.audit.destination.db.password</name> <value>crypted</value> <property-type>PASSWORD</property-type> - <description></description> + <description>Audit DB JDBC Password</description> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>{{jdbc_driver}}</value> - <description></description> + <description>Audit DB JDBC Driver</description> </property> <property> <name>xasecure.audit.credential.provider.file</name> <value>jceks://file{{credential_file}}</value> - <description></description> + <description>Credential file store</description> </property> <property> <name>xasecure.audit.destination.db.batch.filespool.dir</name> <value>/var/log/hadoop/yarn/audit/db/spool</value> - <description></description> + <description>/var/log/hadoop/yarn/audit/db/spool</description> </property> <property> <name>xasecure.audit.destination.hdfs</name> <value>true</value> - <description></description> + <description>Is Audit to HDFS enabled?</description> </property> <property> <name>xasecure.audit.destination.hdfs.dir</name> <value>hdfs://NAMENODE_HOSTNAME:8020/ranger/audit</value> - <description></description> + <description>HDFS folder to write audit to, make sure the service user has requried permissions</description> </property> <property> <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name> <value>/var/log/hadoop/yarn/audit/hdfs/spool</value> - <description></description> + <description>/var/log/hadoop/yarn/audit/hdfs/spool</description> </property> <property> <name>xasecure.audit.destination.solr</name> <value>false</value> - <description></description> + <description>Is Solr audit enabled?</description> </property> <property> <name>xasecure.audit.destination.solr.urls</name> <value>{{ranger_audit_solr_urls}}</value> - <description></description> + <description>Solr URL</description> </property> <property> <name>xasecure.audit.destination.solr.zookeepers</name> <value>none</value> - <description></description> + <description>Solr Zookeeper string</description> </property> <property> <name>xasecure.audit.destination.solr.batch.filespool.dir</name> <value>/var/log/hadoop/yarn/audit/solr/spool</value> - <description></description> + <description>/var/log/hadoop/yarn/audit/solr/spool</description> </property> <property> <name>xasecure.audit.provider.summary.enabled</name> <value>false</value> - <description></description> + <description>Enable Summary audit?</description> </property> </configuration> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml index db456da..65c385f 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-plugin-properties.xml @@ -35,7 +35,7 @@ <property> <name>common.name.for.certificate</name> <value></value> - <description>Used for repository creation on ranger admin</description> + <description>Common name for certificate, this value should match what is specified in repo within ranger admin</description> </property> <property> http://git-wip-us.apache.org/repos/asf/ambari/blob/a9305acb/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml index ffb06d9..0489679 100644 --- a/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml +++ b/ambari-server/src/main/resources/stacks/HDP/2.3/services/YARN/configuration/ranger-yarn-policymgr-ssl.xml @@ -43,19 +43,19 @@ <name>xasecure.policymgr.clientssl.truststore.password</name> <value>changeit</value> <property-type>PASSWORD</property-type> - <description>java truststore password</description> + <description>java truststore password</description> </property> <property> <name>xasecure.policymgr.clientssl.keystore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java keystore credential file</description> + <description>java keystore credential file</description> </property> <property> <name>xasecure.policymgr.clientssl.truststore.credential.file</name> <value>jceks://file{{credential_file}}</value> - <description>java truststore credential file</description> + <description>java truststore credential file</description> </property> </configuration>
