Repository: ambari Updated Branches: refs/heads/trunk 688666137 -> 04febac92
AMBARI-13177. Ranger setup does not respect custom service users (Gautam Borad via smohanty) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/04febac9 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/04febac9 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/04febac9 Branch: refs/heads/trunk Commit: 04febac926e70aed3e0546acf6a5b6d92437f19a Parents: 6886661 Author: Sumit Mohanty <[email protected]> Authored: Thu Sep 24 08:14:11 2015 -0700 Committer: Sumit Mohanty <[email protected]> Committed: Thu Sep 24 08:14:11 2015 -0700 ---------------------------------------------------------------------- .../libraries/functions/setup_ranger_plugin.py | 9 +++++-- .../0.4.0/package/scripts/setup_ranger.py | 28 +++++++++++++++++++- .../stacks/2.2/RANGER/test_ranger_admin.py | 22 ++++++++++++++- .../stacks/2.2/RANGER/test_ranger_usersync.py | 23 ++++++++++++++++ 4 files changed, 78 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/04febac9/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py ---------------------------------------------------------------------- diff --git a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py index a675d97..e4a19aa 100644 --- a/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py +++ b/ambari-common/src/main/python/resource_management/libraries/functions/setup_ranger_plugin.py @@ -32,12 +32,12 @@ from resource_management.core.exceptions import Fail from resource_management.libraries.functions.ranger_functions_v2 import RangeradminV2 def setup_ranger_plugin(component_select_name, service_name, - downloaded_custom_connector, driver_curl_source, + downloaded_custom_connector, driver_curl_source, driver_curl_target, java_home, repo_name, plugin_repo_dict, ranger_env_properties, plugin_properties, policy_user, policymgr_mgr_url, - plugin_enabled,api_version=None, **kwargs): + plugin_enabled, component_user, component_group, api_version=None, **kwargs): File(downloaded_custom_connector, content = DownloadSource(driver_curl_source), mode = 0644 @@ -60,6 +60,11 @@ def setup_ranger_plugin(component_select_name, service_name, properties = plugin_properties ) + custom_plugin_properties = dict() + custom_plugin_properties['CUSTOM_USER'] = component_user + custom_plugin_properties['CUSTOM_GROUP'] = component_group + ModifyPropertiesFile(file_path,properties = custom_plugin_properties) + if plugin_enabled: cmd = (format('enable-{service_name}-plugin.sh'),) if api_version == 'v2' and api_version is not None: http://git-wip-us.apache.org/repos/asf/ambari/blob/04febac9/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py index d0fea38..27bccdc 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger.py @@ -45,11 +45,19 @@ def setup_ranger_admin(): sudo=True) File(params.driver_curl_target, mode=0644) - + ModifyPropertiesFile(format("{ranger_home}/install.properties"), properties = params.config['configurations']['admin-properties'] ) + custom_config = dict() + custom_config['unix_user'] = params.unix_user + custom_config['unix_group'] = params.unix_group + + ModifyPropertiesFile(format("{ranger_home}/install.properties"), + properties=custom_config + ) + ##if db flavor == oracle - set oracle home env variable if params.db_flavor.lower() == 'oracle' and params.oracle_home: env_dict = {'JAVA_HOME': params.java_home, 'ORACLE_HOME':params.oracle_home, 'LD_LIBRARY_PATH':params.oracle_home} @@ -71,6 +79,11 @@ def setup_ranger_admin(): mode=0744 ) + Directory(params.admin_log_dir, + owner = params.unix_user, + group = params.unix_group + ) + def setup_usersync(): import params @@ -78,6 +91,14 @@ def setup_usersync(): properties = params.config['configurations']['usersync-properties'], ) + custom_config = dict() + custom_config['unix_user'] = params.unix_user + custom_config['unix_group'] = params.unix_group + + ModifyPropertiesFile(format("{usersync_home}/install.properties"), + properties=custom_config + ) + cmd = format("cd {usersync_home} && ") + as_sudo([format('{usersync_home}/setup.sh')]) Execute(cmd, environment={'JAVA_HOME': params.java_home}, logoutput=True) @@ -88,6 +109,11 @@ def setup_usersync(): mode = 0755, ) + Directory(params.usersync_log_dir, + owner = params.unix_user, + group = params.unix_group + ) + def check_db_connnection(): import params http://git-wip-us.apache.org/repos/asf/ambari/blob/04febac9/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py index e9eb145..707718c 100644 --- a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py +++ b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_admin.py @@ -130,6 +130,12 @@ class TestRangerAdmin(RMFTestCase): self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties', properties = self.getConfig()['configurations']['admin-properties'], ) + custom_config=dict() + custom_config['unix_user'] = "ranger" + custom_config['unix_group'] = "ranger" + self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties', + properties = custom_config, + ) self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-admin && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-admin/setup.sh', logoutput = True, environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, @@ -141,7 +147,11 @@ class TestRangerAdmin(RMFTestCase): mode = 0744, properties = self.getConfig()['configurations']['ranger-site'] ) - + self.assertResourceCalled('Directory', '/var/log/ranger/admin', + owner = custom_config['unix_user'], + group = custom_config['unix_group'] + ) + def assert_configure_secured(self): self.assertResourceCalled('Execute', 'mysql -u root --password=rootpassword -h localhost -s -e "select version();"',logoutput = True, environment = {}) @@ -162,6 +172,12 @@ class TestRangerAdmin(RMFTestCase): self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties', properties = self.getConfig()['configurations']['admin-properties'], ) + custom_config=dict() + custom_config['unix_user'] = "ranger" + custom_config['unix_group'] = "ranger" + self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-admin/install.properties', + properties = custom_config, + ) self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-admin && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-admin/setup.sh', logoutput = True, environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, @@ -173,6 +189,10 @@ class TestRangerAdmin(RMFTestCase): mode = 0744, properties = self.getConfig()['configurations']['ranger-site'] ) + self.assertResourceCalled('Directory', '/var/log/ranger/admin', + owner = custom_config['unix_user'], + group = custom_config['unix_group'] + ) def test_pre_rolling_upgrade_23(self, ): http://git-wip-us.apache.org/repos/asf/ambari/blob/04febac9/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py index b8c75ec..6accd29 100644 --- a/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py +++ b/ambari-server/src/test/python/stacks/2.2/RANGER/test_ranger_usersync.py @@ -163,6 +163,14 @@ class TestRangerUsersync(RMFTestCase): self.assertResourceCalled('PropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties', properties = self.getConfig()['configurations']['usersync-properties'], ) + + custom_config=dict() + custom_config['unix_user'] = "ranger" + custom_config['unix_group'] = "ranger" + self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties', + properties = custom_config, + ) + self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-usersync && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-usersync/setup.sh', logoutput = True, environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, @@ -176,11 +184,22 @@ class TestRangerUsersync(RMFTestCase): self.assertResourceCalled('File', '/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh', mode = 0755, ) + self.assertResourceCalled('Directory', '/var/log/ranger/usersync', + owner = custom_config['unix_user'], + group = custom_config['unix_group'] + ) + def assert_configure_secured(self): self.assertResourceCalled('PropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties', properties = self.getConfig()['configurations']['usersync-properties'], ) + custom_config=dict() + custom_config['unix_user'] = "ranger" + custom_config['unix_group'] = "ranger" + self.assertResourceCalled('ModifyPropertiesFile', '/usr/hdp/current/ranger-usersync/install.properties', + properties = custom_config, + ) self.assertResourceCalled('Execute', 'cd /usr/hdp/current/ranger-usersync && ambari-sudo.sh [RMF_ENV_PLACEHOLDER] -H -E /usr/hdp/current/ranger-usersync/setup.sh', logoutput = True, environment = {'JAVA_HOME': u'/usr/jdk64/jdk1.7.0_45'}, @@ -194,3 +213,7 @@ class TestRangerUsersync(RMFTestCase): self.assertResourceCalled('File', '/usr/hdp/current/ranger-usersync/ranger-usersync-services.sh', mode = 0755, ) + self.assertResourceCalled('Directory', '/var/log/ranger/usersync', + owner = custom_config['unix_user'], + group = custom_config['unix_group'] + )
